Cixert Posted August 15, 2018 (edited)

I am creating a package to update root and intermediate certificates on Windows XP, since I have not found anything on the Internet. After a few days I will publish it here, but first I want to correct some mistakes. Several certificates give the following error: "The certificate has a digital signature that is not valid"

I just reviewed the SHA-2 algorithm and see that it is compatible with Windows XP SP3. I also installed the SHA-2 Crypt32.dll update found here: https://support.microsoft.com/en-us/help/968730/windows-server-2003-and-windows-xp-clients-cannot-obtain-certificates

However, although older certificates do not fail, the most modern root and intermediate certificates still fail. For example:

Root:
- Amazon Root CA 4
- Amazon Root CA 5
- DoD Root CA 4
- DoD Root CA 5
- Google Trust Services: Global Sign Root CA 4
- GSM Association - RSP2 Root Cl1
- Thawte Primary Root CA - G4

I link to Thawte certificates where they give the details of each of their certificates. The other certificates work fine but the G4 gives an error. https://www.thawte.com/roots/

Something similar happens with Google certificates; they do not work:
- GIAG3 ECC
- GTS Root R3
- GTS Root R4
https://pki.goog/

I have tested all the certificates on Windows Seven and several certificates no longer give this error, although some also give an error. What can be the defect on Windows XP? Is it possible that there is a failure in the checks of the CRL lists or is it a failure in the algorithms?

Edited August 15, 2018 by Cixert
Mathwiz Posted August 16, 2018 (edited)

I believe the problem is Elliptic Curve Cryptography (ECC), not SHA2. As you know, the latest Crypt32.dll/SChannel.dll updates support SHA2, AES, and even TLS 1.2. But they still rely on the traditional RSA public-key algorithm to turn SHA2 hashes into digital signatures, and many new certificates use the ECC algorithm instead.

Edited August 16, 2018 by Mathwiz: I hate typos
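A check a practitioner could run before shipping such a package, added here as an example (it is not code from either poster): it walks the LocalMachine Root and CA (intermediate) stores and flags every certificate whose public-key or signature OID lies in the ANSI X9.62 elliptic-curve arc, which, if Mathwiz's explanation is right, are exactly the ones an XP client will reject. The OID table, function names and the store selection are my assumptions; the script sticks to PowerShell 2.0 syntax so it also runs on XP.

```powershell
# Added example, not from the thread: report ECC vs RSA algorithms for the
# certificates in the machine Root and CA stores (PowerShell 2.0 syntax).

# OID -> name table (assumed/hand-written; unknown OIDs are shown raw)
$algorithmNames = @{
    '1.2.840.113549.1.1.1'  = 'rsaEncryption'
    '1.2.840.113549.1.1.5'  = 'sha1WithRSAEncryption'
    '1.2.840.113549.1.1.11' = 'sha256WithRSAEncryption'
    '1.2.840.113549.1.1.12' = 'sha384WithRSAEncryption'
    '1.2.840.113549.1.1.13' = 'sha512WithRSAEncryption'
    '1.2.840.10045.2.1'     = 'ecPublicKey'
    '1.2.840.10045.4.3.2'   = 'ecdsa-with-SHA256'
    '1.2.840.10045.4.3.3'   = 'ecdsa-with-SHA384'
    '1.2.840.10045.4.3.4'   = 'ecdsa-with-SHA512'
}

function Get-AlgorithmName([string]$oid) {
    if ($algorithmNames.ContainsKey($oid)) { return $algorithmNames[$oid] }
    return $oid
}

# Every EC key and ECDSA signature OID starts with the X9.62 arc 1.2.840.10045
function Test-EcOid([string]$oid) { return $oid.StartsWith('1.2.840.10045.') }

$report = foreach ($storeName in 'Root', 'CA') {
    foreach ($cert in Get-ChildItem "Cert:\LocalMachine\$storeName") {
        $keyOid = $cert.PublicKey.Oid.Value        # algorithm in SubjectPublicKeyInfo
        $sigOid = $cert.SignatureAlgorithm.Value   # algorithm the issuer signed with
        New-Object PSObject -Property @{
            Store    = $storeName
            Subject  = $cert.GetNameInfo('SimpleName', $false)
            KeyAlg   = Get-AlgorithmName $keyOid
            SigAlg   = Get-AlgorithmName $sigOid
            UsesEcc  = (Test-EcOid $keyOid) -or (Test-EcOid $sigOid)
            NotAfter = $cert.NotAfter
        }
    }
}

# ECC entries first: these are the candidates for the
# "digital signature that is not valid" error seen on XP.
$report | Sort-Object UsesEcc -Descending |
    Format-Table Store, Subject, KeyAlg, SigAlg, UsesEcc -AutoSize
```

Root certificates are self-signed, so for the Root store KeyAlg and SigAlg will agree; in the CA store an RSA-signed intermediate can still carry an EC key, which is why both OIDs are checked.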