Update Microsoft Root Certificate Management

13. April 2023

Automatic installation for certificate management on XP, Vista and the following Microsoft operating systems

From Windows XP and Vista onward, the GLOBALTRUST root certificate is recognized automatically, and the operating system updates its certificate management automatically.

To check the validity of the GLOBALTRUST root certificates, your computer (or your network) must allow a connection to the Microsoft update server (http://www.download.windowsupdate.com). The connection is made via port 80. In the course of this check, the operating system may need to transfer certain files and update them on the local computer. These files are http://www.download.windowsupdate.com/msdownload/update/v3/st… and http://www.download.windowsupdate.com/msdownload/update/v3/st…

The process takes place fully automatically and in the background. With restrictive firewall settings (content filter) or if updating the certificate management on the local computer is prohibited, problems may arise when recognizing the root certificate. In these cases, GLOBALTRUST/A-CERT Support can be contacted.


Depending on the operating system version (XP, Vista, W7, W8, W10, …) and the installed patches and service packs, the validation behaviour may vary. In general, earlier operating systems (XP) accept root certificates without a validity check, while newer operating systems have stricter validity checks and therefore require permanent access to https://www.download.windowsupdate.com.

Direct update of older operating systems

For older Microsoft operating systems, see https://docs.microsoft.com/en-us/previous-versions/

Automated installation via Microsoft update site

You can also go to the Microsoft update page (https://update.microsoft.com/) to update the certificate management. Select “Custom installation” and go to “Software optional”. Here you must select and install the “Root Certificate Update” update package. The GLOBALTRUST root certificate is now installed.

If you regularly install Windows updates (e.g. as part of the automatic update), the GLOBALTRUST root certificates should already be included in the operating system (since 11/2006).

Manual GLOBALTRUST Root Installation

If none of the procedures described above work, then there is always the option of installing the root certificates manually.

All GLOBALTRUST root certificates can be found at https://www.globaltrust.eu/static/all-stamm-cert.p7b.

Save the file on the desktop or in any directory. Right-click the file and choose “Install Certificate”. The “Certificate Import Wizard” opens → Next → Select certificate store automatically → Finish

The root certificates are correct if their thumbprint (fingerprint) matches the published value. The fingerprints are listed at https://globaltrust.eu/certificate-policy/.

Information about the fingerprint

Fingerprints are unique values calculated mathematically from the file content, which enable the content to be identified quickly. At GLOBALTRUST we use the SHA1 and SHA256 fingerprint procedures, which were developed by NIST and NSA for high security requirements.
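
The fingerprint check from the manual installation can be done before the import wizard is run. The following PowerShell is an added example, not GLOBALTRUST code: the function names are hypothetical, and the demo at the end uses a constructed throwaway certificate so the script runs offline. For real use, pass the path of the downloaded all-stamm-cert.p7b and the SHA256 fingerprints copied from the certificate policy page.

```powershell
# Added example (not GLOBALTRUST code): check each certificate in a .p7b
# bundle against pinned SHA-256 fingerprints before importing anything.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Get-Sha256Fingerprint([X509Certificate2]$Cert) {
    # The fingerprint is the hash over the DER-encoded certificate bytes.
    $sha = [SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($Cert.RawData)) -replace '-', '' }
    finally { $sha.Dispose() }
}

function Test-BundleFingerprints {
    param([Parameter(Mandatory)][string]$Path, [string[]]$Expected)
    # Normalise published values: drop colons/spaces, compare upper-case hex.
    $pinned = @($Expected | ForEach-Object { ($_ -replace '[^0-9A-Fa-f]', '').ToUpper() })
    $bundle = [X509Certificate2Collection]::new()
    $bundle.Import($Path)   # parses PKCS#7; does not touch any certificate store
    foreach ($cert in $bundle) {
        $fp = Get-Sha256Fingerprint $cert
        [pscustomobject]@{
            Subject = $cert.Subject
            Sha1    = $cert.Thumbprint        # SHA-1 value shown in the Windows dialog
            Sha256  = $fp
            Trusted = $pinned -contains $fp   # false: do not install this bundle
        }
    }
}

# Constructed demo input: a throwaway self-signed certificate in a temp .p7b
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=Constructed Demo Root', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$demo = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
$coll = [X509Certificate2Collection]::new($demo)
$p7b  = Join-Path ([IO.Path]::GetTempPath()) 'constructed-demo.p7b'
[IO.File]::WriteAllBytes($p7b, $coll.Export([X509ContentType]::Pkcs7))

# Pinned value written colon-separated, as fingerprints are often published.
$published = (Get-Sha256Fingerprint $demo) -replace '(..)(?!$)', '$1:'
Test-BundleFingerprints -Path $p7b -Expected $published    # pin belongs to the bundle
Test-BundleFingerprints -Path $p7b -Expected ('00' * 32)   # pin does not belong to it
Remove-Item $p7b
```

Take the expected fingerprints from a source other than the one that delivered the .p7b file; a bundle and a fingerprint list obtained over the same tampered connection would match each other.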
