Leaderboard

Thanks, yes I have those versions of both files. Good to know where they came from!

this version of rsaenh.dll is included in KB4459091 update for XP embedded (need posready reg hack to install on other XP x86 editions) also need to update schannel.dll file (KB4459091 has 5.1.2600.7567 of that DLL file) edit - also read the following from this MS forum thread: so KB968730 is not really needed at all as newer updates include it

Just to be clear, and even though it may indeed be a moot point anyway, are you looking for KB968730 for Server 2003? If so... If you scroll down the page, both the x86 and x64 versions are available for Server 2003.

StartIsBack++ 2.9.12

(Edit: Please refer to the next post.) Attention! Changing the date to 7th of May doesn't show any problems. Chaning it to 11th of May (two days after SHA1 certificates have expired) does bring up the SEC_ERROR_OSCP_OLD_RESPONSE, if "Use OSCP to confirm the current validity of certificates" is activated in the New Moon browser (refer to my previous post for further info). Yes, it's correct that having a wrong date leads to HTTPS connection problems. But that is probably because of the actual HTTPS certificates, which are called "valid" for a specific period of time. Have a look at your HTTPS certificates in New Moon under Tools - Preferences - Advanced - Certificates - View Certificates. And double click on one. They have a "Begins On" and an "Expires On" date. Winding the BIOS clock back once a year might get XP-SP2 users out of trouble for now, but it's not a long term soulution and probably other programs will not work properly either with a wrong date. As it can be seen in the post of @Sampei.Nihira having the XP system updated works. I don't like that fact too, but I think I'll risk it and try it out on the odd Pentium 3. The reason are these thousand reports, that especially later updates slow the older OS down, because Microsoft-Monopoly wants to make the legacy systems look bad. I'll clone my hard drive before going to SP3! And if this performs well on this weak, 20-year old computer, your computers should be fine too. More tests to follow... @XPerceniol By the way, my rsaenh.dll of SP2 has version number 5.1.2600.2161, so it's older than yours.

highly unlikely that this forum will stop working

Though I DO really like that you avoid updates at all costs ( that's our man , please go on ! ) , I think your current connection problems are due to the time mismatch between you and the server , hence the error . For the future , just buy a cheap notebook with win 7/8/10 , let it update the certificates and simply export the registry entries , or use someone elses' , someone you don't care about , lol .

Did you try re-registering all the Installer dlls and such, or maybe reinstalling 4.5 altogether?? It seems to me that 4.5 usually supersedes 3.1, and anything that expects 3.1 should work just fine with 4.5, so maybe there's some subtle corruption going on somewhere.... Unless you can confirm it works 100% with anything other than the updates you're attempting to run? c

You're right, I didn't notice the dates.

Not here apparently.

Well that's not the only difference but that's what came to mind, and about 8.1 yeah i agree. They probably didn't make it SP1 so they could separate it from 8. But 8.1 is quite different under the hood.

Oh no! Bad news: There are SHA-1 troubles indeed! By accident, I only tested HTTPS sites that still work here, like "msfn.org" and my search engine "swisscows.com". However "startpage.com" and "duckduckgo.com" are broken, so are probably 60% of the HTTPS sites. This machine is an non-updated Windows XP SP2 with crypt32.dll of 2004, version 5.131.2600.2180. More investigation regarding that will follow... @Tripredacus Good, that you've written this! I wouldn't have given it another test!

WinXP X64 is based on the Server 2003 kernel (NT 5.2), so you need the Server 2003 version of the hotfix if you are running XP x64. If you need any version of the KB968730 hotfix, look on Thehotfixshare site.

OK, I tried that. Sigcheck doesn't actually work in Windows XP, so I had to do it in Windows 10. I guess the results are still valid though. This is the result from the November 2019 version, the last one which works for me - E:\Dump Folder\Nov 2019>sigcheck64 -i wsusscn2.cab Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com E:\Dump Folder\Nov 2019\wsusscn2.cab: Verified: Signed Signing date: 10:28 12/11/2019 Signing date: 10:28 12/11/2019 Catalog: E:\Dump Folder\Nov 2019\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Code Signing Cert Issuer: Microsoft Code Signing PCA Serial Number: 33 00 00 01 E3 7D A3 1F 82 84 DC E4 A1 00 02 00 00 01 E3 Thumbprint: C82273A065EC470FB1EBDE846A91E6FFB29E9C12 Algorithm: sha1RSA Valid from: 22:20 02/05/2019 Valid to: 22:20 02/05/2020 Microsoft Code Signing PCA Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 04 35 45 00 00 00 00 00 3F Thumbprint: 4BAEA1454B8D5DC845BDE7A2D9754FABC221267C Algorithm: sha1RSA Valid from: 18:42 20/09/2018 Valid to: 00:28 10/05/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA Serial Number: 33 00 00 01 2E 8F 84 66 68 39 BF 05 BD 00 00 00 00 01 2E Thumbprint: 621B12725AA5518FBDDE6044C838A0FC5031051A Algorithm: sha1RSA Valid from: 21:40 06/09/2019 Valid to: 21:40 04/12/2020 Microsoft Time-Stamp PCA Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 16 68 34 00 00 00 00 00 1C Thumbprint: 375FCB825C3DC3752A02E34EB70993B4997191EF Algorithm: sha1RSA Valid from: 13:53 03/04/2007 Valid to: 14:03 03/04/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Signing date: 10:28 12/11/2019 Catalog: E:\Dump Folder\Nov 2019\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Microsoft Publisher, Code Signing Cert Issuer: Microsoft Code Signing PCA 2011 Serial Number: 33 00 00 01 51 9E 8D 8F 40 71 A3 0E 41 00 00 00 00 01 51 Thumbprint: 62009AAABDAE749FD47D19150958329BF6FF4B34 Algorithm: sha256RSA Valid from: 22:37 02/05/2019 Valid to: 22:37 02/05/2020 Microsoft Code Signing PCA 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 61 0E 90 D2 00 00 00 00 00 03 Thumbprint: F252E794FE438E35ACE6E53762C0A234A2C52135 Algorithm: sha256RSA Valid from: 21:59 08/07/2011 Valid to: 22:09 08/07/2026 Microsoft Root Certificate Authority 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44 Thumbprint: 8F43288AD272F3103B6FB1428485EA3014C0BCFE Algorithm: sha256RSA Valid from: 23:05 22/03/2011 Valid to: 23:13 22/03/2036 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA 2010 Serial Number: 33 00 00 01 04 09 01 75 08 58 87 2D 29 00 00 00 00 01 04 Thumbprint: B3461E7F4748F3284C8854B673187816DC150A7D Algorithm: sha256RSA Valid from: 21:41 06/09/2019 Valid to: 21:41 04/12/2020 Microsoft Time-Stamp PCA 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 61 09 81 2A 00 00 00 00 00 02 Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE Algorithm: sha256RSA Valid from: 22:36 01/07/2010 Valid to: 22:46 01/07/2025 Microsoft Root Certificate Authority 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5 Algorithm: sha256RSA Valid from: 22:57 23/06/2010 Valid to: 23:04 23/06/2035 Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a E:\Dump Folder\Nov 2019> Here is the result from the June 2020 version (the one you linked to on the Wayback Machine) which doesn't work for me - E:\Dump Folder\June 2020>sigcheck64 -i wsusscn2.cab Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com E:\Dump Folder\June 2020\wsusscn2.cab: Verified: Signed Signing date: 03:35 09/06/2020 Signing date: 03:35 09/06/2020 Catalog: E:\Dump Folder\June 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Code Signing Cert Issuer: Microsoft Code Signing PCA Serial Number: 33 00 00 01 F3 07 55 2B 7B A6 03 AD 7C 00 02 00 00 01 F3 Thumbprint: 8C0FB087D6EB137F3FEE3AFA56F168FCA5224830 Algorithm: sha1RSA Valid from: 21:18 20/03/2020 Valid to: 21:18 30/09/2020 Microsoft Code Signing PCA Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 04 35 45 00 00 00 00 00 3F Thumbprint: 4BAEA1454B8D5DC845BDE7A2D9754FABC221267C Algorithm: sha1RSA Valid from: 18:42 20/09/2018 Valid to: 00:28 10/05/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA Serial Number: 33 00 00 01 57 07 C0 8F 80 56 2B E5 E1 00 00 00 00 01 57 Thumbprint: 3990841ADB1A09F011C25CE8E96BEFAD448834B2 Algorithm: sha1RSA Valid from: 02:13 19/12/2019 Valid to: 02:13 17/03/2021 Microsoft Time-Stamp PCA Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 16 68 34 00 00 00 00 00 1C Thumbprint: 375FCB825C3DC3752A02E34EB70993B4997191EF Algorithm: sha1RSA Valid from: 13:53 03/04/2007 Valid to: 14:03 03/04/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Signing date: 03:35 09/06/2020 Catalog: E:\Dump Folder\June 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Microsoft Publisher, Code Signing Cert Issuer: Microsoft Code Signing PCA 2011 Serial Number: 33 00 00 01 87 72 17 72 15 59 40 C7 09 00 00 00 00 01 87 Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769 Algorithm: sha256RSA Valid from: 19:39 04/03/2020 Valid to: 19:39 03/03/2021 Microsoft Code Signing PCA 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 61 0E 90 D2 00 00 00 00 00 03 Thumbprint: F252E794FE438E35ACE6E53762C0A234A2C52135 Algorithm: sha256RSA Valid from: 21:59 08/07/2011 Valid to: 22:09 08/07/2026 Microsoft Root Certificate Authority 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44 Thumbprint: 8F43288AD272F3103B6FB1428485EA3014C0BCFE Algorithm: sha256RSA Valid from: 23:05 22/03/2011 Valid to: 23:13 22/03/2036 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA 2010 Serial Number: 33 00 00 01 1E 0E BC E5 4B 16 A2 03 1B 00 00 00 00 01 1E Thumbprint: 39C906E3EDE9AB3113FE8E3758BACA598CCAB0DC Algorithm: sha256RSA Valid from: 22:40 13/11/2019 Valid to: 22:40 11/02/2021 Microsoft Time-Stamp PCA 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 61 09 81 2A 00 00 00 00 00 02 Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE Algorithm: sha256RSA Valid from: 22:36 01/07/2010 Valid to: 22:46 01/07/2025 Microsoft Root Certificate Authority 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5 Algorithm: sha256RSA Valid from: 22:57 23/06/2010 Valid to: 23:04 23/06/2035 Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a E:\Dump Folder\June 2020> And here's the result from the July 2020 version which I already had, and I understood to be the last SHA-1 signed version, which also doesn't work for me - E:\Dump Folder\July 2020>sigcheck64 -i wsusscn2.cab Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich Sysinternals - www.sysinternals.com E:\Dump Folder\July 2020\wsusscn2.cab: Verified: Signed Signing date: 02:41 14/07/2020 Signing date: 02:41 14/07/2020 Catalog: E:\Dump Folder\July 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Code Signing Cert Issuer: Microsoft Code Signing PCA Serial Number: 33 00 00 01 F3 07 55 2B 7B A6 03 AD 7C 00 02 00 00 01 F3 Thumbprint: 8C0FB087D6EB137F3FEE3AFA56F168FCA5224830 Algorithm: sha1RSA Valid from: 21:18 20/03/2020 Valid to: 21:18 30/09/2020 Microsoft Code Signing PCA Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 04 35 45 00 00 00 00 00 3F Thumbprint: 4BAEA1454B8D5DC845BDE7A2D9754FABC221267C Algorithm: sha1RSA Valid from: 18:42 20/09/2018 Valid to: 00:28 10/05/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA Serial Number: 33 00 00 01 54 B0 93 6E 7C 4C 1C 1A 58 00 00 00 00 01 54 Thumbprint: 7E3F6224A15080E0D17B3B3ED7505E1CD704076D Algorithm: sha1RSA Valid from: 02:13 19/12/2019 Valid to: 02:13 17/03/2021 Microsoft Time-Stamp PCA Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Root Certificate Authority Serial Number: 61 16 68 34 00 00 00 00 00 1C Thumbprint: 375FCB825C3DC3752A02E34EB70993B4997191EF Algorithm: sha1RSA Valid from: 13:53 03/04/2007 Valid to: 14:03 03/04/2021 Microsoft Root Certificate Authority Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: sha1RSA Valid from: 00:19 10/05/2001 Valid to: 00:28 10/05/2021 Signing date: 02:41 14/07/2020 Catalog: E:\Dump Folder\July 2020\wsusscn2.cab Signers: Microsoft Corporation Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Microsoft Publisher, Code Signing Cert Issuer: Microsoft Code Signing PCA 2011 Serial Number: 33 00 00 01 87 72 17 72 15 59 40 C7 09 00 00 00 00 01 87 Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769 Algorithm: sha256RSA Valid from: 19:39 04/03/2020 Valid to: 19:39 03/03/2021 Microsoft Code Signing PCA 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 61 0E 90 D2 00 00 00 00 00 03 Thumbprint: F252E794FE438E35ACE6E53762C0A234A2C52135 Algorithm: sha256RSA Valid from: 21:59 08/07/2011 Valid to: 22:09 08/07/2026 Microsoft Root Certificate Authority 2011 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2011 Serial Number: 3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44 Thumbprint: 8F43288AD272F3103B6FB1428485EA3014C0BCFE Algorithm: sha256RSA Valid from: 23:05 22/03/2011 Valid to: 23:13 22/03/2036 Counter Signers: Microsoft Time-Stamp Service Cert Status: This certificate or one of the certificates in the certificate chain is not time valid. Valid Usage: Timestamp Signing Cert Issuer: Microsoft Time-Stamp PCA 2010 Serial Number: 33 00 00 01 11 0D 02 9E EE D4 ED 05 D4 00 00 00 00 01 11 Thumbprint: 41EEE6EDBC7A27CF7D9B938996861B1B5F9F74C7 Algorithm: sha256RSA Valid from: 00:19 24/10/2019 Valid to: 00:19 22/01/2021 Microsoft Time-Stamp PCA 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 61 09 81 2A 00 00 00 00 00 02 Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE Algorithm: sha256RSA Valid from: 22:36 01/07/2010 Valid to: 22:46 01/07/2025 Microsoft Root Certificate Authority 2010 Cert Status: Valid Valid Usage: All Cert Issuer: Microsoft Root Certificate Authority 2010 Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5 Algorithm: sha256RSA Valid from: 22:57 23/06/2010 Valid to: 23:04 23/06/2035 Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a E:\Dump Folder\July 2020> I can't see any obvious differences, they all apparently have certificates which have either expired or are about to expire.

Thanks, I didn't think that was the problem. It's all a bit of a mystery though. The last version of wsusscn2.cab which works for me is the one from November 2019. The July 2020 version, even though it's supposed to still be SHA-1 signed, doesn't work, and nor do any of the other recent ones I've tried. It is strange that the error I'm getting says "no signature", not "invalid signature". I don't know if that is significant at all. AFAIK my system is completely up to date, with no updates outstanding.

@VistaLover It also expires before May 9 2021.

Evidently related to what abbodi1406 mentioned in his April 14 post on the previous page.

Also, the www.update.microsoft.com SHA1 certificate expires on May 5th 2021. Which is in 9 days. https://www.ssllabs.com/ssltest/analyze.html?d=www.update.microsoft.com

StartIsBack++ 2.9.10

Might be another bummer for XP Microsoft to use SHA-2 exclusively starting May 9, 2021 KB5003341: Issues you might encounter when SHA-1 Trusted Root Certificate Authority expires