actions / runner-images

GitHub Actions runner images
MIT License

Changes in the list of installed root certificates #577

Closed IntoTheNature closed 4 years ago

IntoTheNature commented 4 years ago

Hi Guys,

In the latest versions of "windows-latest" my code signing job started to fail. I figured that the number of ROOT certificates has become rather small:

```
CN=DST Root CA X3, O=Digital Signature Trust Co.
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, I...
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc...
CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2...
CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing...
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.",...
CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust...
```

My code signing cert is issued by GoDaddy and has this root cert: Go Daddy Root Certificate Authority - G2 (47beabc922eae80e78783462a79f45c254fde68b)

What was the reason for removing one of Go Daddy's root certs?

al-cheb commented 4 years ago

Hello @IntoTheNature, you can easily install the Go Daddy Root Certificate Authority - G2 root CA at runtime. All certificates are available at https://ssl-ccp.godaddy.com/repository/?origin=CALLISTO.

```yaml
jobs:
  build:
    runs-on: [windows-latest]
    steps:
    - name: Path
      run: |
        Invoke-WebRequest https://ssl-ccp.godaddy.com/repository/gdroot-g2.crt -OutFile gdroot-g2.crt
        Import-Certificate -FilePath gdroot-g2.crt -CertStoreLocation Cert:\LocalMachine\Root
      shell: powershell
```
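
An added example, not part of al-cheb's comment or the runner-images project: the same runtime import, but the downloaded file is checked against the thumbprint quoted in the issue before it is placed in the trusted root store. It is written as the body of a `run:` step with `shell: powershell`; the variable names and the temporary file location are assumptions.

```powershell
# Added example: body of a `run:` step with `shell: powershell` on windows-latest.
$ErrorActionPreference = 'Stop'

# SHA-1 thumbprint of "Go Daddy Root Certificate Authority - G2", as quoted in the issue.
$expectedThumbprint = '47beabc922eae80e78783462a79f45c254fde68b'
$url   = 'https://ssl-ccp.godaddy.com/repository/gdroot-g2.crt'
$file  = Join-Path $env:RUNNER_TEMP 'gdroot-g2.crt'   # absolute path (assumed location)
$store = 'Cert:\LocalMachine\Root'

Invoke-WebRequest -Uri $url -OutFile $file -UseBasicParsing

# Parse the downloaded file without adding it to any store; nothing is trusted yet.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

# 1. The file must be exactly the certificate we expect (-ne is case-insensitive).
if ($cert.Thumbprint -ne $expectedThumbprint) {
    throw "Thumbprint mismatch: got $($cert.Thumbprint), expected $expectedThumbprint"
}

# 2. A root CA certificate is self-signed and must be within its validity period.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a self-signed root: subject '$($cert.Subject)', issuer '$($cert.Issuer)'"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) .. $($cert.NotAfter))"
}

# 3. Import only if the image does not already trust it, then confirm it landed.
$storePath = "$store\$($cert.Thumbprint)"
if (-not (Test-Path $storePath)) {
    Import-Certificate -FilePath $file -CertStoreLocation $store | Out-Null
}
if (-not (Test-Path $storePath)) {
    throw "Import failed: $storePath not found"
}
Write-Host "Trusted root present: $($cert.Subject) [$($cert.Thumbprint)]"
```

Because the step throws on any mismatch, a file that differs from the pinned certificate fails the job instead of becoming a machine-wide trust anchor.
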
IntoTheNature commented 4 years ago

Oh, for some reason I was sure that this wasn't possible due to security concerns. Thanks @al-cheb

al-cheb commented 4 years ago

@IntoTheNature Could we close the issue?