Archived from groups: microsoft.public.windowsxp.newusers (
More info?)
----- *Vanguard* wrote: -----
Nicholas said in
news:6E52C2AA-34BF-4B6F-A2BC-0F21C57F0387@microsoft.com:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?
I forgot which software vendor I asked of this, but when I asked why I
needed their expired certificate, I was told that it was required for
their product to work as part of some authentication scheme. It didn't
matter that the certificate had expired. Their product would look for a
specific certificate (they have serial numbers), check it attributes
(but not that it expired), and qualify that their product could then
run. I think it was Symantec that told me this regarding their Norton
Internet Security or Anti-Virus products probably regarding LiveUpdate.
I don't see any expired Symantec certs now so maybe their LiveUpdate got
newer ones (it does require a root cert from Symantec before LiveUpdate
will work so maybe the install-time certs had already expired; I'm still
using the prior NIS2003 version), or it was because I downloaded their
newest version of LiveUpdate and maybe it includes a newer cert in its
install.
That was for expired certs, not for revoked ones. For me, there are
even a couple expired certs from Microsoft (they show in the Untrusted
Certificates category) but I'm a bit leery about them because their
Friendly Name is "Fraudulent, NOT Microsoft". I suppose it is possible
the Microsoft knows of a couple illegal certs pretending to be them so
they install them but as expired and with a warning in Friendly Name to
prevent products that use those illegal certs from running or validating
using them. So if the certificate can be identified by its "Issued To"
value, and especially in the descriptions, like Friendly Name, maybe you
can identify for what product the cert is used.
Even if you decide to delete them, first export them (and include the
private key). Then, in case you find something doesn't run because it
cannot find a digital signature for authentication, you can import the
saved cert.
--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
____________________________________________________________
I remembered being told something similar to what you wrote about compatibility , I think you are right. I updated Symantecs old Live Update 2 apparently and that went well, but had 2004 Antivirus. Seemed odd. By exporting I thought I would get a chance to export it to somewhere in particular but I did not get the opportunity to choose. Where did it go ?Thankyou for your reply.