Missing Certificates

[Bob]

Archived from groups: microsoft.public.win2000.security (More info?)

Working on a friends Windows 2000 Pro PC. Apparently
missing at least one trusted root certificate; i.e., the
No Liability Accepted (c)97 Verisign. When trying to
install SP4 on his Win 2000 also encountered problem with
Cryptographic services. Questions: (1) I have all 6 of
the required Trusted Root Certificates on my XP PC and
have exported them to CER files, can they safely be
imported to the Win2000 PC?, I know which DLL files are
necessary to be registered for the Cryptographic services
on the Win 2000 PC, but if I can get SP4 installed should
that be necessary? Thanks in advance for your response
to my email of owenhome@casscomm.com
Bob

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

1) Yes, it is perfectly safe to import certs exported from WinXp on Win2k.
However, trusting root certificates is an important policy decision with
serious security implications and hence should not be done without proper
care. However if the cert in question is a root cert trusted on WinXp, it is
probably safe to trust it on Win2k as well.

2) You should not be moving and registering system DLLs. It could lead to
unspecified behavior. Getting the latest service pack and the latest version
of IE (with its SP) should get you the latest DLLs.

--
Shreeniwas Kelkar [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.


"Bob" <anonymous@discussions.microsoft.com> wrote in message
news:1faa01c4f812$e5711630$a301280a@phx.gbl...
> Working on a friends Windows 2000 Pro PC. Apparently
> missing at least one trusted root certificate; i.e., the
> No Liability Accepted (c)97 Verisign. When trying to
> install SP4 on his Win 2000 also encountered problem with
> Cryptographic services. Questions: (1) I have all 6 of
> the required Trusted Root Certificates on my XP PC and
> have exported them to CER files, can they safely be
> imported to the Win2000 PC?, I know which DLL files are
> necessary to be registered for the Cryptographic services
> on the Win 2000 PC, but if I can get SP4 installed should
> that be necessary? Thanks in advance for your response
> to my email of owenhome@casscomm.com
> Bob

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I should think that the certificates will have no problem working on
Windows 2000.

Bob wrote:
> Working on a friends Windows 2000 Pro PC. Apparently
> missing at least one trusted root certificate; i.e., the
> No Liability Accepted (c)97 Verisign. When trying to
> install SP4 on his Win 2000 also encountered problem with
> Cryptographic services. Questions: (1) I have all 6 of
> the required Trusted Root Certificates on my XP PC and
> have exported them to CER files, can they safely be
> imported to the Win2000 PC?, I know which DLL files are
> necessary to be registered for the Cryptographic services
> on the Win 2000 PC, but if I can get SP4 installed should
> that be necessary? Thanks in advance for your response
> to my email of owenhome@casscomm.com
> Bob

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Thank you so much for your repy and advice; especially
those concerning the registering of DLLs. I has always
been my intentions to reinstall SP4. Wish me luck
<Smile>....Bob.

>-----Original Message-----
>1) Yes, it is perfectly safe to import certs exported
from WinXp on Win2k.
>However, trusting root certificates is an important
policy decision with
>serious security implications and hence should not be
done without proper
>care. However if the cert in question is a root cert
trusted on WinXp, it is
>probably safe to trust it on Win2k as well.
>
>2) You should not be moving and registering system DLLs.
It could lead to
>unspecified behavior. Getting the latest service pack
and the latest version
>of IE (with its SP) should get you the latest DLLs.
>
>--
>Shreeniwas Kelkar [MSFT]
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>"Bob" <anonymous@discussions.microsoft.com> wrote in
message
>news:1faa01c4f812$e5711630$a301280a@phx.gbl...
>> Working on a friends Windows 2000 Pro PC. Apparently
>> missing at least one trusted root certificate; i.e.,
the
>> No Liability Accepted (c)97 Verisign. When trying to
>> install SP4 on his Win 2000 also encountered problem
with
>> Cryptographic services. Questions: (1) I have all 6 of
>> the required Trusted Root Certificates on my XP PC and
>> have exported them to CER files, can they safely be
>> imported to the Win2000 PC?, I know which DLL files are
>> necessary to be registered for the Cryptographic
services
>> on the Win 2000 PC, but if I can get SP4 installed
should
>> that be necessary? Thanks in advance for your response
>> to my email of owenhome@casscomm.com
>> Bob
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Thank you also for your reply. Wish me luck on
reinstalling SP4....Bob.

>-----Original Message-----
>I should think that the certificates will have no
problem working on
>Windows 2000.
>
>Bob wrote:
>> Working on a friends Windows 2000 Pro PC. Apparently
>> missing at least one trusted root certificate; i.e.,
the
>> No Liability Accepted (c)97 Verisign. When trying to
>> install SP4 on his Win 2000 also encountered problem
with
>> Cryptographic services. Questions: (1) I have all 6
of
>> the required Trusted Root Certificates on my XP PC and
>> have exported them to CER files, can they safely be
>> imported to the Win2000 PC?, I know which DLL files
are
>> necessary to be registered for the Cryptographic
services
>> on the Win 2000 PC, but if I can get SP4 installed
should
>> that be necessary? Thanks in advance for your
response
>> to my email of owenhome@casscomm.com
>> Bob
>.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

How can one reinstall deleted and not anymore trusted root certificates on a
windows 2000 server?
Thanks

Julian Dragut
"Bob" <anonymous@discussions.microsoft.com> wrote in message
news:1faa01c4f812$e5711630$a301280a@phx.gbl...
> Working on a friends Windows 2000 Pro PC. Apparently
> missing at least one trusted root certificate; i.e., the
> No Liability Accepted (c)97 Verisign. When trying to
> install SP4 on his Win 2000 also encountered problem with
> Cryptographic services. Questions: (1) I have all 6 of
> the required Trusted Root Certificates on my XP PC and
> have exported them to CER files, can they safely be
> imported to the Win2000 PC?, I know which DLL files are
> necessary to be registered for the Cryptographic services
> on the Win 2000 PC, but if I can get SP4 installed should
> that be necessary? Thanks in advance for your response
> to my email of owenhome@casscomm.com
> Bob

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I have solved the issue, and in case someone has the same problem here's how
i did it:
I have exported only the trusted root certificates from a helthy server to a
file, and then imported them onto the faulty one...no more problems!
Cheers!
Julian Dragut
"Julian Dragut" <julianmd@groups.com> wrote in message
news:3e1Hd.19382$YI4.1159681@wagner.videotron.net...
> How can one reinstall deleted and not anymore trusted root certificates on
> a windows 2000 server?
> Thanks
>
> Julian Dragut
> "Bob" <anonymous@discussions.microsoft.com> wrote in message
> news:1faa01c4f812$e5711630$a301280a@phx.gbl...
>> Working on a friends Windows 2000 Pro PC. Apparently
>> missing at least one trusted root certificate; i.e., the
>> No Liability Accepted (c)97 Verisign. When trying to
>> install SP4 on his Win 2000 also encountered problem with
>> Cryptographic services. Questions: (1) I have all 6 of
>> the required Trusted Root Certificates on my XP PC and
>> have exported them to CER files, can they safely be
>> imported to the Win2000 PC?, I know which DLL files are
>> necessary to be registered for the Cryptographic services
>> on the Win 2000 PC, but if I can get SP4 installed should
>> that be necessary? Thanks in advance for your response
>> to my email of owenhome@casscomm.com
>> Bob
>
>