ISRG Root X2 Submitted to Root Programs

It looks like ISRG Root X2 is in Microsoft's Root Program list now!

If you click through the link to the current list that comes from CCADB, both ISRG Root X1 and ISRG Root X2 are in the list.

I don't know what the timeframe is between it appearing in that list and showing up in automatic updates or however the certificates get distributed to the various Microsoft platforms, though.

7 Likes

Microsoft says: "The Microsoft Trusted Root Certificate Program releases changes to our Root Store on a monthly cadence, except for December." However, that's written on an aka.ms page (ie it should be linking to current material) with a list of updates and yet it was issued once in February and has never been updated since. So it may be reasonable to take with a grain of salt the "commitment" from Microsoft to obey this policy.

2 Likes

I find that MS continues to be extremely lazy and won't show the ISRG Root X2 cert in the trusted store until it has been accessed (at least in my case, directly).
I simply opened the cert and it then immediately showed in the trusted store (without any install).
https://crt.sh/?d=69729B8E15A86EFC177A57AFB7171DFC64ADD28C2FCA8CF1507E34453CCB1470

1 Like

Is there any beta test for ISRG Root X2

1 Like

What do you mean "beta test"?
It is in full production already.

1 Like

My cert is from X3 > R3 > Domain ? I requested ECDSA cert and thats what I got.

For now you have to request be allow-listed for ECDSA, see:

1 Like

OK, I think I understand you now.
I think that any new certs must now be avoiding the soon to be expiring DST Root CA X3.
But your browser may still show it (while it is still valid).

2 Likes

Mozilla has started the public discussion phase regarding the inclusion of ISRG Root X2:

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/D8coPL0eU3k/m/bE_aRuWxCAAJ

This is an important step in Mozillas inclusion process.

6 Likes