apparently ZeroSSL has a cross-signed root until 2029 from AAA Certificate Services, which means it works from Windows 2000 and up - it was in the Microsoft Root Program by 2006.
curious if Win 2000 will actually validate it, since it contains a sha384 signature
I tried validating this hypothesis but the biggest hurdle is finding a server that hasn't dropped the SSL v2 handshake that is used in Win 2000