[firesteelrain]

There's a reason it costs money and it's because the CAs have to undergo costly audits. Microsoft publishes a list of trusted CAs:

https://ccadb.my.salesforce-sites.com/microsoft/IncludedCACe...

[a1o]

This looks like a random website and not a Microsoft website. How could I trust such list?

[firesteelrain]

Because it came from this site: https://learn.microsoft.com/en-us/security/trusted-root/part...

I used Google to search for "list of microsoft trusted CA".

[firesteelrain]

Looks like people have no experience with CA audits or security controls