Microsoft Root Certificate — Authority 2011.cer

On Windows:

On macOS / Linux:

| Aspect | Assessment | |--------|-------------| | Key length | 4096-bit RSA – extremely strong (equivalent to ~140 bits symmetric security). | | Hash algorithm | SHA-256 – no practical collision attacks as of 2026. | | Validity period | 20 years (2011–2031) – typical for roots, reduces re-deployment risk. | | Hardware protection | Microsoft stores private key in hardware security modules (HSMs) with strict access controls. | microsoft root certificate authority 2011.cer

To view the details of the .cer file or the store entry: On Windows:

certutil -dump "Microsoft Root Certificate Authority 2011.cer"

In high-security air-gapped environments, if an administrator manually configures a "Allow List" (white-listing), they must explicitly include the thumbprint of this certificate, or Microsoft-signed binaries will be treated as untrusted foreign objects. On macOS / Linux: