Trusted Root Certification Authorities for Federation Trusts

To establish a federation trust between your Exchange Server 2010 organization and Microsoft Federation Gateway, you must request and install an X.509 SSL certificate from a certification authority (CA) trusted by Windows Live.

The following table lists CAs trusted by Windows Live.

CA certificate friendly name Thumbprint



Digicert Global Root CA


Digicert High Assurance EV Root CA

‎91 8d a5 e4 99 c1 5f 7c 62 75 b1 24 fe de 53 35 7c 34 bd 36 CA (2048)

801D 62D0 7B44 9D5C 5C03 5C98 EA61 FA44 3C2A 58FE

Entrust Secure Server CA

99A6 9BE6 1AFE 886B 4D2B 8200 7CB8 54FC 317E 1539

Go Daddy Secure Certification Authority

‎7c46 56c3 061f 7f4c 0d67 b319 a855 f60e bc11 fc44

For more information about certificate requirements for Federation, see Understanding Federation.