Sign in with
Sign up | Sign in
Your question

Certificates

Last response: in Windows XP
Share
May 12, 2004 4:31:02 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I have at least 10 Invalid or Expired Certificates in Intermediate and Trusted Root Certification Authorities .Should I remove them because they would be renewed when I visited each particular website ? 1 is a Microsoft Autheticode certificate, another Microsoft timestamp certificate , and another, a Microsoft Root Authority Certificate?

More about : certificates

Anonymous
May 12, 2004 5:02:17 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Nicholas said in
news:6E52C2AA-34BF-4B6F-A2BC-0F21C57F0387@microsoft.com:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?

I forgot which software vendor I asked of this, but when I asked why I
needed their expired certificate, I was told that it was required for
their product to work as part of some authentication scheme. It didn't
matter that the certificate had expired. Their product would look for a
specific certificate (they have serial numbers), check it attributes
(but not that it expired), and qualify that their product could then
run. I think it was Symantec that told me this regarding their Norton
Internet Security or Anti-Virus products probably regarding LiveUpdate.
I don't see any expired Symantec certs now so maybe their LiveUpdate got
newer ones (it does require a root cert from Symantec before LiveUpdate
will work so maybe the install-time certs had already expired; I'm still
using the prior NIS2003 version), or it was because I downloaded their
newest version of LiveUpdate and maybe it includes a newer cert in its
install.

That was for expired certs, not for revoked ones. For me, there are
even a couple expired certs from Microsoft (they show in the Untrusted
Certificates category) but I'm a bit leery about them because their
Friendly Name is "Fraudulent, NOT Microsoft". I suppose it is possible
the Microsoft knows of a couple illegal certs pretending to be them so
they install them but as expired and with a warning in Friendly Name to
prevent products that use those illegal certs from running or validating
using them. So if the certificate can be identified by its "Issued To"
value, and especially in the descriptions, like Friendly Name, maybe you
can identify for what product the cert is used.

Even if you decide to delete them, first export them (and include the
private key). Then, in case you find something doesn't run because it
cannot find a digital signature for authentication, you can import the
saved cert.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
____________________________________________________________
Anonymous
May 12, 2004 6:54:35 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Nicholas;

You can try to remove them, however.

[[When you attempt to remove a trusted root certificate authority by using
Microsoft Internet Explorer, the certificate authority may not be removed or
it may be reinstalled automatically.

This behavior can occur if the Update Root Certificates component is turned
on. The Update Root Certificates component automatically updates trusted
root certificate authorities from the Microsoft Update Server.]]

In Control Panel, double-click Add/Remove Programs.
Click Add/Remove Windows Components.
Scroll down to the Update Root Certificates component
-----------------

It has been explained to me that the expired certificates are needed for
backward compatability.


--
Hope this helps. Let us know.
Wes

In news:6E52C2AA-34BF-4B6F-A2BC-0F21C57F0387@microsoft.com,
Nicholas <anonymous@discussions.microsoft.com> hunted and pecked:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?
Related resources
May 13, 2004 6:56:11 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

----- Wesley Vogel wrote: -----

Nicholas;

You can try to remove them, however.

[[When you attempt to remove a trusted root certificate authority by using
Microsoft Internet Explorer, the certificate authority may not be removed or
it may be reinstalled automatically.

This behavior can occur if the Update Root Certificates component is turned
on. The Update Root Certificates component automatically updates trusted
root certificate authorities from the Microsoft Update Server.]]

In Control Panel, double-click Add/Remove Programs.
Click Add/Remove Windows Components.
Scroll down to the Update Root Certificates component
-----------------

It has been explained to me that the expired certificates are needed for
backward compatability.


--
Hope this helps. Let us know.
Wes

In news:6E52C2AA-34BF-4B6F-A2BC-0F21C57F0387@microsoft.com,
Nicholas <anonymous@discussions.microsoft.com> hunted and pecked:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?

The update Root Certificates 0.0 Mb's , and I found a Swisskey Root CA Certificate. It does not include a statement for me to find what it is for . It is in the Trusted Root Certificates.Thanhs for your reply.
May 13, 2004 7:01:03 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

----- *Vanguard* wrote: -----

Nicholas said in
news:6E52C2AA-34BF-4B6F-A2BC-0F21C57F0387@microsoft.com:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?

I forgot which software vendor I asked of this, but when I asked why I
needed their expired certificate, I was told that it was required for
their product to work as part of some authentication scheme. It didn't
matter that the certificate had expired. Their product would look for a
specific certificate (they have serial numbers), check it attributes
(but not that it expired), and qualify that their product could then
run. I think it was Symantec that told me this regarding their Norton
Internet Security or Anti-Virus products probably regarding LiveUpdate.
I don't see any expired Symantec certs now so maybe their LiveUpdate got
newer ones (it does require a root cert from Symantec before LiveUpdate
will work so maybe the install-time certs had already expired; I'm still
using the prior NIS2003 version), or it was because I downloaded their
newest version of LiveUpdate and maybe it includes a newer cert in its
install.

That was for expired certs, not for revoked ones. For me, there are
even a couple expired certs from Microsoft (they show in the Untrusted
Certificates category) but I'm a bit leery about them because their
Friendly Name is "Fraudulent, NOT Microsoft". I suppose it is possible
the Microsoft knows of a couple illegal certs pretending to be them so
they install them but as expired and with a warning in Friendly Name to
prevent products that use those illegal certs from running or validating
using them. So if the certificate can be identified by its "Issued To"
value, and especially in the descriptions, like Friendly Name, maybe you
can identify for what product the cert is used.

Even if you decide to delete them, first export them (and include the
private key). Then, in case you find something doesn't run because it
cannot find a digital signature for authentication, you can import the
saved cert.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
____________________________________________________________
I remembered being told something similar to what you wrote about compatibility , I think you are right. I updated Symantecs old Live Update 2 apparently and that went well, but had 2004 Antivirus. Seemed odd. By exporting I thought I would get a chance to export it to somewhere in particular but I did not get the opportunity to choose. Where did it go ?Thankyou for your reply.
Anonymous
May 13, 2004 4:15:05 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Nicholas;

I've got a Swisskey Root CA Certificate.
Expires Thursday, 31 December, 2015 5:59:00 PM
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
Secure Email Server Authentication

--
Hope this helps. Let us know.
Wes

In news:2AD4429A-6916-4F60-9CAD-8D7122BA5E89@microsoft.com,
Nicholas <anonymous@discussions.microsoft.com> hunted and pecked:
> ----- Wesley Vogel wrote: -----
>
> Nicholas;
>
> You can try to remove them, however.
>
> [[When you attempt to remove a trusted root certificate
> authority by using Microsoft Internet Explorer, the certificate
> authority may not be removed or it may be reinstalled
> automatically.
>
> This behavior can occur if the Update Root Certificates
> component is turned on. The Update Root Certificates component
> automatically updates trusted root certificate authorities from
> the Microsoft Update Server.]]
>
> In Control Panel, double-click Add/Remove Programs.
> Click Add/Remove Windows Components.
> Scroll down to the Update Root Certificates component
> -----------------
>
> It has been explained to me that the expired certificates are
> needed for backward compatability.
>
>
> --
> Hope this helps. Let us know.
> Wes
>
> In news:6E52C2AA-34BF-4B6F-A2BC-0F21C57F0387@microsoft.com,
> Nicholas <anonymous@discussions.microsoft.com> hunted and
> pecked: > I have at least 10 Invalid or Expired Certificates in
> Intermediate > and Trusted Root Certification Authorities
> .Should I remove them > because they would be renewed when I
> visited each particular website > ? 1 is a Microsoft
> Autheticode certificate, another Microsoft > timestamp
> certificate , and another, a Microsoft Root Authority >
> Certificate?
>
> The update Root Certificates 0.0 Mb's , and I found a Swisskey
> Root CA Certificate. It does not include a statement for me to find
> what it is for . It is in the Trusted Root Certificates.Thanhs for
> your reply.
Anonymous
May 13, 2004 6:55:51 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Nicholas said in
news:76EBAB4C-5CF7-41EC-B851-69D9DCDB7318@microsoft.com:
> I remembered being told something similar to what you wrote
> about compatibility , I think you are right. I updated Symantecs old
> Live Update 2 apparently and that went well, but had 2004 Antivirus.
> Seemed odd. By exporting I thought I would get a chance to export it
> to somewhere in particular but I did not get the opportunity to
> choose. Where did it go ?Thankyou for your reply.

You never got the screen to prompt to what file to save the exported
certificate? Maybe it just aborted.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
____________________________________________________________
May 13, 2004 9:26:02 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Yes.Thankyou.
May 13, 2004 9:26:02 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Yes.Thankyou.
May 13, 2004 10:31:09 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

A question , If I delete Certificates and visited the website they were issued from would the site issue an updated certificate?
Anonymous
May 14, 2004 5:26:32 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Nicholas said in
news:188EC62B-954C-41A0-B0DF-83BF99E5A17E@microsoft.com:
> A question , If I delete Certificates and visited the website they
> were issued from would the site issue an updated certificate?

You should first get prompted to accept it. However, if you ever said
Yes to accept all certificates from that source then maybe you won't get
prompted. I just saw some Microsoft KB article that mentioned that. It
says to delete all Microsoft-named certificates if you want to ensure
you get prompt when offered another from that same-named source.

How to Determine Whether You Have Accepted Trust for Fraudulent
VeriSign-Issued Certificates
http://support.microsoft.com/?kbid=293816

Just in case, export it first and then delete it.

--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
____________________________________________________________
!