Jump to content

Root Certificates and Revoked Certificates for Windows XP


heinoganda

Recommended Posts

Mathwiz and Dave-H - thanks for your tips.  But there's something plain old loveable about XP beginning to fall apart.  Like an old dog with arthritis, or using carbon paper on a manual typewriter.

And there's the sheer fun of going to MSFN and having alarms go off all over the place.  Why give that up?

Link to comment
Share on other sites


What do you expect? Official end of support was April 2014, now we are already in June 2018 and have at least until April 2019 the opportunity to get security updates. They were shown ways to at least circumvent the problems with the modern encryption technologies in OE6. I also had to choose a solution for myself. Make even a few thoughts about it.

:yes:

Link to comment
Share on other sites

I managed to understand what was causing the issue for me: it was blocked by the firewall my company has in place. Today I ran the cert update from home without the VPN and it worked flawlessly. ;)

Link to comment
Share on other sites

At this point I would like to point out again that there are still problems with the MS servers when downloading the SST files for the cert_updater and should look like this. :realmad: If necessary, try several times.

:)

Edited by heinoganda
Link to comment
Share on other sites

 

Update for root certificates:

New:

CN = Microsoft ECC Product Root Certificate Authority 2018
O = Microsoft Corporation
L = Redmond
S = Washington
C = US

Note:
Because this is an ECC certificate, this update is not relevant for Windows XP.

 

Update for Cert_Updater:

In Cert_Updater a feature was added.

:)

Edited by heinoganda
Link to comment
Share on other sites

  • 4 weeks later...

I'm still getting the huge numbers of error messages in my Windows Application log -

"Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file."

They seem to be coming regularly every seven days.
Is there no way of stopping this?
It's not related to @heinoganda's updater, or to HTTPSProxy, as it's now happening on my netbook too, which has never had either of them installed or run on it, or any other modification knowingly made to its certificate structure.

Presumably this isn't happening for everyone, or there would be far more reports of it, so why is it happening to me?!
:dubbio:

 

Link to comment
Share on other sites

Dave-H - You made me look, and I found the same error 11 in my Applications Event Viewer list!  This is your fault.

Well, if you try Thomas S's excellent link, please let us know.

Thanks.

Link to comment
Share on other sites

2 hours ago, Thomas S. said:

Thanks, I'm not sure whether I've been to that article before or not, but I'll certainly check it out.
I'm working in Windows 10 at the moment! :whistle:

Link to comment
Share on other sites

I looked at the article, and then remembered that I had been there before.
Unfortunately the "certutil" program does not exist in XP, so I didn't pursue the fix at that time, and the "fix-it" links just go the MS homepage.
This time I was more persistent, and I found that the "certutil" program can be added to XP by installing the Server 2003 Admin Pack.
This I did, and ran the command, and cleaned the folders specified.
On reboot, a lovely set of crypt32 updates in my Application log, with no errors!
:cheerleader::cheerleader::cheerleader::cheerleader:
So, fingers crossed it's finally fixed!
:yes:

Edited by Dave-H
Typo
Link to comment
Share on other sites

On 7/27/2018 at 2:09 AM, glnz said:

How does one find and insert the Server 2003 Admin Pack, and ...

Sometimes I am wondering about other people.

They are in Inet, but don't know how to use it...

So here is the only most useful advice to use Inet:

Mark the content You search for / need info about - copy - paste to GOOOOOOOOOOOOOOOOOOOOOOOOOGLE - and search.

In this case the FIRST (1. / 2. / ... !!) result is what you need... :angel

Ready to surf link here

[deleted]

Edited by Thomas S.
delete wrong link
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...