Jump to content

Root Certificates and Revoked Certificates for Windows XP


heinoganda

Recommended Posts


On the topic of unique identifiers for Windows Update or Microsoft Update by "rvkroots.exe" and "rootsupd.exe". Have taken the trouble and made in VMware a clean Windows XP SP3 installation. Now, the current status (10/21/2015) are not root certificate update and revoked certificates offered more! What ultimately means that the unique identifier of "rvkroots.exe" and "rootsupd.exe" no more influence has in Windows Update or Microsoft Update (As for me, I would this regard, do not change these Version entries. I see an attack point to the Windows XP user to get rid not pay for extended support.)!

(In May 2014 it was still relevant because I have occupied myself at an early stage with the problem of root certificate updates. Because Microsoft is starting as Windows Vista, after a system update, only the root certificate loading when required or tested for revoked certificates and thus stripped on an elegant way of Windows XP users.)

Thus, this issue has done.

 

Note: Has anyone ever looked at the date to the contribution of "rvkroots.exe" and "rootsupd.exe" I have posted on the forum? That irritates me very much.

 

@blackwingcat

In "rvkroots.exe" one can understand the version number yet, but with "rootsupd.exe" there is a future confusion if everyone thinks he would have updated again at a current time.

Here's an excerpt of my updated list:

Spoiler

rootsupd.exe   11/11/2013 v40    replaced! Root certificates November 2013   WU MU MSDC
rvkroots.exe   12/12/2013 v5     replaced! revoke certificates!              WU MU MSDC
rootsupd.exe   03/10/2014 v41    replaced! Root certificates March 2014      MSDC 
-----------------------------------------------------------------------------------------
End of Support April 2014
-----------------------------------------------------------------------------------------
rvkroots.exe   07/10/2014 v6     replaced! revoke certificates! (KB2982792)  MSDC SM
rootsupd.exe   11/21/2014 v42 ?  replaced! Root certificates November 2014   SM
rootsupd.exe   02/10/2015 v43 ?  replaced! Root certificates Februar 2015    SM
rootsupd.exe   03/09/2015 v44 ?  replaced! Root certificates March 2015      SM
rvkroots.exe   03/17/2015 v7     replaced! revoke certificates! (KB3046310)  MSDC SM
rvkroots.exe   03/25/2015 v8     replaced! revoke certificates! (KB3050995)  MSDC SM
rootsupd.exe   04/14/2015 v45 ?  replaced! Root certificates April 2015      SM
rootsupd.exe   06/25/2015 v46 ?  replaced! Root certificates Juni 2015       SM
rootsupd.exe   09/03/2015 v47 ?  Root certificates September 2015            SM
rvkroots.exe   09/24/2015 v9     revoke certificates (KB3097966)             SM

Note:
SMWU = Windows Update
MU = Microsoft Update
MSDC = Microsoft Download Center
SM = Self made

 

Secondly, no problem at WU and MU is a corresponding query in order to introduce users to exclude from WU or MU. (This may in Windows 2000 and older versions of Windows to play no role, but in Windows XP, there still functional updates are distributed.)

 

:)

Edited by heinoganda
Link to comment
Share on other sites

I was wondering about this too!

My machine is still regularly putting "crypt32" entries into the Application Event Log that say "Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>".

Is that doing what it should do anyway?

:unsure:

Link to comment
Share on other sites

@hmuellers

Firefox and Oracle Java has its own certificate management and is not dependent on the Windows Internal Certificate Management. By comparison, Chrome, IExplorer, automatic updates, RDP 7 (Encrypted connection possible), ect . is dependent on the Windows Internal Certificate Management.

 

Note: My .NET lists I have also been updated.

 

@Dave-H

Regarding the "crypt32" entries in the eventlog means that the root certificates in Windows is updated, if a certificate is detected that does not originate from a certified body. So to say only to need. (this function applies to experts as controversial possibly vulnerable, since possibly someone one could foist a rotten root certificate.) What however with revoked certificates under Windows XP (as Windows Vista automatically) does not take place! "rootsupd.exe" is of interest for a new installation or if this function (crypt32) subsequently uninstalled / deactivated.

 

Here is a list of root certificates from Windows XP to New installation and running "rootsupd.exe":

Spoiler

Issued on behalf of: 
AAA Certificate Services
AC Raíz Certicámara S.A.
AC RAIZ DNIEAC RAIZ FNMT-RCM
AC1 RAIZ MTIN 
ACCVRAIZ1
ACEDICOM Root
ACNLB
Actalis Authentication CA G1
Actalis Authentication Root CA
AddTrust External CA Root
AdminCA-CD-T01
Admin-Root-CA
ADOCA02
AffirmTrust
Commercial AffirmTrust
Networking AffirmTrust
Premium AffirmTrust
Premium ECC
America Online Root Certification Authority 1
ANCERT Certificados GN
ANCERT Certificados CGN V2
ANCERT Certificados Notariales
ANCERT Certificados Notariales V2
ANCERT Corporaciones de Derecho Publico
ANF Global Root CA
ANF Server CA
Application CA G2
Application CA G3 Root
ApplicationCA
ApplicationCA2 Root
ATHEX Root CA
Atos TrustedRoot 2011
A-Trust-nQual-03
A-Trust-Qual-02
A-Trust-Qual-03
A-Trust-Root-05
Autoridad Certificadora de la Asociacion Nacional del Notariado Mexicano
A.C.Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana
A.C.Autoridad Certificadora Raiz de la Secretaria de Economia
Autoridad Certificadora Raiz de la Secretaria de Economia
Autoridad Certificadora Raíz Nacional de Uruguay
Autoridad de Certificacion de la Abogacia
Autoridad de Certificacion Firmaprofesional CIF A62634068
Autoridad de Certificacion Raiz del Estado Venezolano
Autoridad de Certificacion Raiz del Estado Venezolano
Autoridade Certificadora Raiz Brasileira v1
Autoridade Certificadora Raiz Brasileira v2
Baltimore CyberTrust Root
Belgacom E-Trust Primary CA
Buypass Class 2 CA 1
Buypass Class 2 Root CA
Buypass Class 3 CA 1
Buypass Class 3 Root CA
C&W HKT SecureNet CA Class A
C&W HKT SecureNet CA Class B
C&W HKT SecureNet CA Root
C&W HKT SecureNet CA SGC RootCA 1 CA 
DATEV BT 01CA 
DATEV BT 02CA 
DATEV BT 03CA 
DATEV INT 01CA 
DATEV INT 02CA 
DATEV INT 03CA 
DATEV STD 01CA 
DATEV STD 02CA 
DATEV STD 03CA 
Disig CA 
Disig Root R1CA 
Disig Root R2CA 
WoSign ECC RootCA (Wosign China) 
CCA India 2011
CCA India 2014
CCA India 2015 SPL
Certeurope Root CA 2
Certification Authority of WoSign
Certification Authority of WoSign G2
CertignaCertinomis - Autorité RacineCertinomis - Root CA
Certipost E-Trust Primary Normalised CA
Certipost E-Trust Primary Qualified CA
Certipost E-Trust TOP Root CA
Certplus Root CA G1Certplus Root CA G2
certSIGN ROOT CA
Certum CA
Certum Trusted Network CA
Certum Trusted Network CA 2C
FCA EV ROOTCFCA GT CA
Chambers of Commerce Root
Chambers of Commerce Root - 2008
China Internet Network 
Information Center EV Certificates Root
Cisco Root CA 2048
Cisco RXC-R2
Class 1 Primary CA
Class 2 Primary CA
Class 3 Primary CA
Class 3 Public Primary Certification Authority
Class 3P Primary CA
Class 3TS Primary CA
CNNIC ROOTCommon Policy
COMODO Certification Authority
COMODO ECC Certification Authority
COMODO RSA Certification Authority
ComSign Advanced Security CA
ComSign CAComSign Global Root CA
ComSign Secured CA
Copyright (c) 1997 Microsoft Corp.
Correo Uruguayo - Root CA
Cybertrust Global Root
Deutsche Telekom Root CA 1
Deutsche Telekom Root CA 2
DigiCert Assured ID Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert High Assurance EV Root CA
DigiCert Trusted Root G4
Digidentity L3 Root CA - G2
DST ACES CA X6DST Root CA 
X3D-TRUST Root CA 3 2013
D-TRUST Root Class 2 CA 2007
D-TRUST Root Class 3 CA 2 2009
D-TRUST Root Class 3 CA 2 EV 2009
D-TRUST Root Class 3 CA 2007
EBG Elektronik Sertifika Hizmet SaglayicisiEC-ACCE-CERT ROOT CA
Echoworx Root CA2
ECRaizEstadoEE Certification Centre Root CA
e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S2
E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S3E-ME SSI (RCA)
Entrust Root Certification Authority
Entrust Root Certification Authority - EC1
Entrust Root Certification Authority - G2
Entrust.net Certification Authority (2048)
Entrust.net Secure Server Certification Authoritye
PKI Root Certification Authority
Equifax Secure Certificate Authority
Equifax Secure Global eBusiness CA-1esignit.org
E-Tugra Certification Authority
EUnet International Root CA
Federal Common Policy CA 
FESTE, Public Notary Certs
FESTE, Verified CertsFirst Data Digital Certificates Inc. Certification Authority
FNMT Clase 2 CA
Fotanúsítványkiadó - Kormányzati Hitelesítés SzolgáltatóGDCA TrustAUTH R5 ROOT
GeoTrust Global CA
GeoTrust Global CA 2
GeoTrust Primary Certification Authority
GeoTrust Primary Certification Authority - G2
GeoTrust Primary Certification Authority - G3
GeoTrust Universal CA
GeoTrust Universal CA 2
Global Chambersign Root
Global Chambersign Root - 2008
GlobalSign
GlobalSign
GlobalSign
GlobalSign
GlobalSign
GlobalSign Root CA
GlobalSign Root CA
GLOBALTRUST
Go Daddy Class 2 Certification Authority
Go Daddy Root Certificate Authority - G2
Government Root Certification Authority
Government Root Certification Authority
GPKIRootCA
GPKIRootCA1
GTE CyberTrust Global Root
Halcom CA FO
Halcom CA PO 2
Halcom Root CA
Hellenic Academic and Research Institutions RootCA 2011
Hongkong Post Root CA 1
I.CA - Qualified Certification Authority, 09/2009
I.CA - Qualified root certificate
I.CA - Standard Certification Authority, 09/2009I.CA - Standard root certificate
IdenTrust Commercial Root CA 1
IdenTrust Public Sector Root CA 1
IGC/AIGC/A AC racine Etat francais
Izenpe.com
Izenpe.com
JCAN Root CA1
Juur-SKKEYNECTIS ROOT CA
KISA RootCA 1
LAWtrust Root Certification Authority 2048
LuxTrust Global Root
Macao Post eSignTrust Root Certification Authority (G02)
Microsec e-Szigno Root CA
Microsec e-Szigno Root CA 2009
Microsoft Authenticode(tm) Root Authority
Microsoft Root Authority
Microsoft Root Certificate Authority
Microsoft Root Certificate Authority 2010
Microsoft Root Certificate Authority 2011
MULTICERT Root Certification Authority 01
NetLock Arany (Class Gold) 
FotanúsítványNetLock Kozjegyzoi (Class A) 
TanusitvanykiadoNetLock Minositett Kozjegyzoi (Class QA) 
TanusitvanykiadoNetLock Platina (Class Platinum) 
FotanúsítványNetrust CA1
Network Solutions Certificate Authority
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Notarius Root Certificate Authority
OATI WebCARES Root CA
OISTE WISeKey Global Root GA CA
OpenTrust Root CA G1
OpenTrust Root CA G2
OpenTrust Root CA G3
PersonalID Trustworthy RootCA 2011
Post.Trust Root CA
Posta CA Root
POSTArCA
PostSignum Root QCA 2
PTT Post Root CA
Public Notary Root
QuoVadis Root CA 1 G3
QuoVadis Root CA 2
QuoVadis Root CA 2 G3
QuoVadis Root CA 3
QuoVadis Root CA 3 G3
QuoVadis Root Certification Authority
Registradores de España - CA 
RaízRoot CA Generalitat Valenciana
RSA Security 2048 V3
SAPO Class 2 Root CA
SAPO Class 3 Root CA
SAPO Class 4 Root CA
Saudi National Root CA
Saunalahden Serveri CA
Saunalahden Serveri CA
Secure Global CA
SecureNet CA Class A
SecureNet CA Root
SecureNet CA SGC Root
SecureSign RootCA1
SecureSign RootCA11
SecureSign RootCA2
SecureSign RootCA3
SecureTrust CA
Security Communication EV RootCA1
Security Communication RootCA1
Security Communication RootCA2
Serasa Certificate Authority I
Serasa Certificate Authority II
Serasa Certificate Authority III
SG TRUST SERVICES RACINESIA Secure Client CA
SIA Secure Server CA
sigen-ca
Signet Root CA
sigov-ca
SITHS CA v3
SITHS Root CA v1
Sonera Class1 CA
Sonera Class2 CA
SSC GDL CA Root B
SSC Root CA A
SSC Root CA B
SSC Root CA C
Staat der Nederlanden EV Root CA
Staat der Nederlanden Root CA
Staat der Nederlanden Root CA - G2
Staat der Nederlanden Root CA - G3
Starfield Class 2 Certification Authority
Starfield Root Certificate Authority - G2
Starfield Services Root Certificate Authority
Starfield Services Root Certificate Authority - G2
StartCom Certification Authority
StartCom Certification Authority G2
S-TRUST Authentication and Encryption Root CA 2005:PNS-TRUST Universal Root CA
Swedish Government Root Authority v1
Swedish Government Root Authority v2
Swiss Government Root CA I
Swiss Government Root CA II
Swisscom Root CA 1
Swisscom Root CA 2
Swisscom Root EV CA 2
SwissSign Gold CA - G2
SwissSign Gold Root CA - G3
SwissSign Platinum CA - G2
SwissSign Platinum Root CA - G3
SwissSign Silver CA - G2
SwissSign Silver Root CA - G3
Symantec Class 1 Public Primary Certification Authority - G4
Symantec Class 1 Public Primary Certification Authority - G6
Symantec Class 2 Public Primary Certification Authority - G4
Symantec Class 2 Public Primary Certification Authority - G6
Symantec Class 3 Public Primary Certification Authority - G4
Symantec Class 3 Public Primary Certification Authority - G6
SZAFIR ROOT CA
TC TrustCenter Class 2 CA II
TC TrustCenter Class 3 CA II
TC TrustCenter Class 4 CA II
TC TrustCenter Universal CA I
TC TrustCenter Universal CA III
TDC OCES CA
TeliaSonera Root CA v1
Thailand National Root Certification Authority - G1
Thawte Premium Server CA
thawte Primary Root CA
thawte Primary Root CA - G2
thawte Primary Root CA - G3
Thawte Server CA
Thawte Timestamping CA
TM Applied Business Root Certificate
TRUST2408 OCES Primary CA
TrustCor ECA-1
TrustCor RootCert CA-1
TrustCor RootCert CA-2
Trustis EVS Root CA
Trustis FPS Root CA
T-TeleSec GlobalRoot Class 2
T-TeleSec GlobalRoot Class 3
TÜBITAK UEKAE Kök Sertifika Hizmet Saglayicisi - Sürüm 3Tunisian Root Certificate Authority - TunRootCA2
TÜRKTRUST Elektronik Islem Hizmetleri
TÜRKTRUST Elektronik Islem Hizmetleri
TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi
TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi
TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi
TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H5
TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H6
TWCA Global Root CA
TWCA Root Certification Authority
TWCA Root Certification Authority
UCA Global Root
UCA Root
USERTrust ECC Certification Authority
USERTrust RSA Certification Authority
UTN - DATACorp SGC
UTN-USERFirst-Client Authentication and Email
UTN-USERFirst-Hardware
UTN-USERFirst-Network Applications
UTN-USERFirst-ObjectVAS 
Latvijas Pasts SSI(RCA)
VeriSign Class 1 Public Primary Certification Authority - G3
VeriSign Class 2 Public Primary Certification Authority - G3
VeriSign Class 3 Public Primary Certification Authority - G3
VeriSign Class 3 Public Primary Certification Authority - G4
VeriSign Class 3 Public Primary Certification Authority - G5
VeriSign Class 4 Public Primary Certification Authority - G3
VeriSign Commercial Software Publishers CA
VeriSign Trust Network
VeriSign Universal Root Certification Authority
Verizon Global Root CA
VI Registru Centras RCSC (RootCA)
Visa eCommerce Root
Visa Information Delivery Root CA
VRK Gov. Root CA
WellsSecure Public Root Certificate Authority
WellsSecure Public Root Certification Authority 01 G2
XRamp Global Certification Authority 

373 Certificates

 

 

Here is a list of rekoved certificates from Windows XP to New installation and running "rvkroots.exe" (Security Advisories):

Spoiler

Issued on behalf of: 
*.EGO.GOV.TR
*.google.com
AC DG Trésor SSL
addons.mozilla.org
Alpha Networks Inc.
CN=Microsoft Online Svcs BPOS APAC CA4
DigiNotar Cyber CA
DigiNotar Cyber CA
DigiNotar Cyber CA
DigiNotar PKIoverheid CA Organisatie - G2
DigiNotar PKIoverheid CA Overheid
DigiNotar PKIoverheid CA Overheid en Bedrijven
DigiNotar Root CA
DigiNotar Root CA
DigiNotar Root CA
DigiNotar Root CA G2
DigiNotar Services 1024 CA
Digisign Server ID - (Enrich)
Digisign Server ID (Enrich)
D-LINK CORPORATION
e-islem.kktcmerkezbankasi.orgglobal trusteeKEEBOX, INC
login.live.com
login.skype.com
login.yahoo.com
login.yahoo.com
login.yahoo.com
mail.google.com
MCSHOLDING TEST
Microsoft Corporation
Microsoft Corporation
Microsoft Enforced Licensing Intermediate PCA
Microsoft Enforced Licensing Intermediate PCA
Microsoft Enforced Licensing Registration Authority CA (SHA1)
Microsoft Genuine Windows Phone Public Preview CA01
Microsoft IPTVe CA
Microsoft Online CA001
Microsoft Online Svcs BPOS APAC CA1
Microsoft Online Svcs BPOS APAC CA2
Microsoft Online Svcs BPOS APAC CA3
Microsoft Online Svcs BPOS APAC CA5
Microsoft Online Svcs BPOS APAC CA6
Microsoft Online Svcs BPOS CA1
Microsoft Online Svcs BPOS CA2
Microsoft Online Svcs BPOS CA2
Microsoft Online Svcs BPOS CA2
Microsoft Online Svcs BPOS EMEA CA1
Microsoft Online Svcs BPOS EMEA CA2
Microsoft Online Svcs BPOS EMEA CA3
Microsoft Online Svcs BPOS EMEA CA4
Microsoft Online Svcs BPOS EMEA CA5
Microsoft Online Svcs BPOS EMEA CA6
Microsoft Online Svcs CA1
Microsoft Online Svcs CA1
Microsoft Online Svcs CA3
Microsoft Online Svcs CA3
Microsoft Online Svcs CA4
Microsoft Online Svcs CA4
Microsoft Online Svcs CA5
Microsoft Online Svcs CA5
Microsoft Online Svcs CA6
NIC CA 2011
NIC CA 2014
NIC Certifying Authority
TRENDnet, Inc.
www.google.com
www.live.fi

68 Certificates

 

 

Based on the lists, you can look in the Certificate Manager and make a comparison.

 

:)

Edited by heinoganda
Link to comment
Share on other sites

@hmuellers

Damage can be a root certificates update is not (Unfortunately, I do not know what the future Microsoft still plans), but safety relevant are the revoked certificates! (Since it's enough if automatic updates are enabled, you might get accidental harmful update because the safety chain is open.)

 

On the subject of the .NET Framework installation with update (.NET 3.5 and 4) I have times with the "hotfixinstaller" in the update packages deals. Now, all .NET 3.5 updates, and .NET 4 updates have each combined into one package. A test installation under VMware with a processor (2.4 Ghz) and 512MB memory (Complete .NET 3.5 & 4) I have 25 minutes. required! What do you think about it?

 

:)

Edited by heinoganda
Link to comment
Share on other sites

@hmuellers

Quite simple really, look here https://technet.microsoft.com/en-us/library/security/3097966.aspx there are listed the current revoked certificates. Then look in your Certificate Manager on revoked certificates if present, would currently 68 certificates to be listed as disabled.

By POSReady 2009 trick I have when I check by IExplorer the updates no corresponding update available to this day. (The same with automatic updates)

 

Have times after the update (KB2677070) sought where the function of automatic update of revoked certificates implemented, there was no update for Windows XP incl. Div. Derivatives such as POSReady 2009 provided. Just because you entry in a registry making means that this is still far from this feature available. (The only thing that has Windows XP, which is at an unknown root certificate that is downloaded when needed at Microsoft. This has absolutely nothing to do with revoked certificates.) In short words, a way how to make do I have provided, ultimately can handle everyone as he wants, otherwise I am very realistic and facts speak for themselves.

 

In .NET Framework I thought of update rollups that are of particular interest for new installations. (There are any resembled the *.msp files within a Hotfixinstallerpaket summarized)

 

:)

Edited by heinoganda
Link to comment
Share on other sites

@hmuellers

Firefox and Oracle Java has its own certificate management and is not dependent on the Windows Internal Certificate Management. By comparison, Chrome, IExplorer, automatic updates, RDP 7 (Encrypted connection possible), ect . is dependent on the Windows Internal Certificate Management.

 

Note: My .NET lists I have also been updated.

 

@Dave-H

Regarding the "crypt32" entries in the eventlog means that the root certificates in Windows is updated, if a certificate is detected that does not originate from a certified body. So to say only to need. (this function applies to experts as controversial possibly vulnerable, since possibly someone one could foist a rotten root certificate.) What however with revoked certificates under Windows XP (as Windows Vista automatically) does not take place! "rootsupd.exe" is of interest for a new installation or if this function (crypt32) subsequently uninstalled / deactivated.

 

Here is a list of root certificates from Windows XP to New installation and running "rootsupd.exe":

Issued on behalf of: AAA Certificate ServicesAC Raíz Certicámara S.A.AC RAIZ DNIEAC RAIZ FNMT-RCMAC1 RAIZ MTINACCVRAIZ1ACEDICOM RootACNLBActalis Authentication CA G1Actalis Authentication Root CAAddTrust External CA RootAdminCA-CD-T01Admin-Root-CAADOCA02AffirmTrust CommercialAffirmTrust NetworkingAffirmTrust PremiumAffirmTrust Premium ECCAmerica Online Root Certification Authority 1ANCERT Certificados CGNANCERT Certificados CGN V2ANCERT Certificados NotarialesANCERT Certificados Notariales V2ANCERT Corporaciones de Derecho PublicoANF Global Root CAANF Server CAApplication CA G2Application CA G3 RootApplicationCAApplicationCA2 RootATHEX Root CAAtos TrustedRoot 2011A-Trust-nQual-03A-Trust-Qual-02A-Trust-Qual-03A-Trust-Root-05Autoridad Certificadora de la Asociacion Nacional del Notariado Mexicano, A.C.Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C.Autoridad Certificadora Raiz de la Secretaria de EconomiaAutoridad Certificadora Raiz de la Secretaria de EconomiaAutoridad Certificadora Raíz Nacional de UruguayAutoridad de Certificacion de la AbogaciaAutoridad de Certificacion Firmaprofesional CIF A62634068Autoridad de Certificacion Raiz del Estado VenezolanoAutoridad de Certificacion Raiz del Estado VenezolanoAutoridade Certificadora Raiz Brasileira v1Autoridade Certificadora Raiz Brasileira v2Baltimore CyberTrust RootBelgacom E-Trust Primary CABuypass Class 2 CA 1Buypass Class 2 Root CABuypass Class 3 CA 1Buypass Class 3 Root CAC&W HKT SecureNet CA Class AC&W HKT SecureNet CA Class BC&W HKT SecureNet CA RootC&W HKT SecureNet CA SGC RootCA 1CA DATEV BT 01CA DATEV BT 02CA DATEV BT 03CA DATEV INT 01CA DATEV INT 02CA DATEV INT 03CA DATEV STD 01CA DATEV STD 02CA DATEV STD 03CA DisigCA Disig Root R1CA Disig Root R2CA WoSign ECC RootCA (Wosign China)CCA India 2011CCA India 2014CCA India 2015 SPLCerteurope Root CA 2Certification Authority of WoSignCertification Authority of WoSign G2CertignaCertinomis - Autorité RacineCertinomis - Root CACertipost E-Trust Primary Normalised CACertipost E-Trust Primary Qualified CACertipost E-Trust TOP Root CACertplus Root CA G1Certplus Root CA G2certSIGN ROOT CACertum CACertum Trusted Network CACertum Trusted Network CA 2CFCA EV ROOTCFCA GT CAChambers of Commerce RootChambers of Commerce Root - 2008China Internet Network Information Center EV Certificates RootCisco Root CA 2048Cisco RXC-R2Class 1 Primary CAClass 2 Primary CAClass 3 Primary CAClass 3 Public Primary Certification AuthorityClass 3P Primary CAClass 3TS Primary CACNNIC ROOTCommon PolicyCOMODO Certification AuthorityCOMODO ECC Certification AuthorityCOMODO RSA Certification AuthorityComSign Advanced Security CAComSign CAComSign Global Root CAComSign Secured CACopyright (c) 1997 Microsoft Corp.Correo Uruguayo - Root CACybertrust Global RootDeutsche Telekom Root CA 1Deutsche Telekom Root CA 2DigiCert Assured ID Root CADigiCert Assured ID Root G2DigiCert Assured ID Root G3DigiCert Global Root CADigiCert Global Root G2DigiCert Global Root G3DigiCert High Assurance EV Root CADigiCert Trusted Root G4Digidentity L3 Root CA - G2DST ACES CA X6DST Root CA X3D-TRUST Root CA 3 2013D-TRUST Root Class 2 CA 2007D-TRUST Root Class 3 CA 2 2009D-TRUST Root Class 3 CA 2 EV 2009D-TRUST Root Class 3 CA 2007EBG Elektronik Sertifika Hizmet SaglayicisiEC-ACCE-CERT ROOT CAEchoworx Root CA2ECRaizEstadoEE Certification Centre Root CAe-Guven Kok Elektronik Sertifika Hizmet SaglayicisiE-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S2E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S3E-ME SSI (RCA)Entrust Root Certification AuthorityEntrust Root Certification Authority - EC1Entrust Root Certification Authority - G2Entrust.net Certification Authority (2048)Entrust.net Secure Server Certification AuthorityePKI Root Certification AuthorityEquifax Secure Certificate AuthorityEquifax Secure Global eBusiness CA-1esignit.orgE-Tugra Certification AuthorityEUnet International Root CAFederal Common Policy CAFESTE, Public Notary CertsFESTE, Verified CertsFirst Data Digital Certificates Inc. Certification AuthorityFNMT Clase 2 CAFotanúsítványkiadó - Kormányzati Hitelesítés SzolgáltatóGDCA TrustAUTH R5 ROOTGeoTrust Global CAGeoTrust Global CA 2GeoTrust Primary Certification AuthorityGeoTrust Primary Certification Authority - G2GeoTrust Primary Certification Authority - G3GeoTrust Universal CAGeoTrust Universal CA 2Global Chambersign RootGlobal Chambersign Root - 2008GlobalSignGlobalSignGlobalSignGlobalSignGlobalSignGlobalSign Root CAGlobalSign Root CAGLOBALTRUSTGo Daddy Class 2 Certification AuthorityGo Daddy Root Certificate Authority - G2Government Root Certification AuthorityGovernment Root Certification AuthorityGPKIRootCAGPKIRootCA1GTE CyberTrust Global RootHalcom CA FOHalcom CA PO 2Halcom Root CAHellenic Academic and Research Institutions RootCA 2011Hongkong Post Root CA 1I.CA - Qualified Certification Authority, 09/2009I.CA - Qualified root certificateI.CA - Standard Certification Authority, 09/2009I.CA - Standard root certificateIdenTrust Commercial Root CA 1IdenTrust Public Sector Root CA 1IGC/AIGC/A AC racine Etat francaisIzenpe.comIzenpe.comJCAN Root CA1Juur-SKKEYNECTIS ROOT CAKISA RootCA 1LAWtrust Root Certification Authority 2048LuxTrust Global RootMacao Post eSignTrust Root Certification Authority (G02)Microsec e-Szigno Root CAMicrosec e-Szigno Root CA 2009Microsoft Authenticode(tm) Root AuthorityMicrosoft Root AuthorityMicrosoft Root Certificate AuthorityMicrosoft Root Certificate Authority 2010Microsoft Root Certificate Authority 2011MULTICERT Root Certification Authority 01NetLock Arany (Class Gold) FotanúsítványNetLock Kozjegyzoi (Class A) TanusitvanykiadoNetLock Minositett Kozjegyzoi (Class QA) TanusitvanykiadoNetLock Platina (Class Platinum) FotanúsítványNetrust CA1Network Solutions Certificate AuthorityNO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.Notarius Root Certificate AuthorityOATI WebCARES Root CAOISTE WISeKey Global Root GA CAOpenTrust Root CA G1OpenTrust Root CA G2OpenTrust Root CA G3PersonalID Trustworthy RootCA 2011Post.Trust Root CAPosta CA RootPOSTArCAPostSignum Root QCA 2PTT Post Root CAPublic Notary RootQuoVadis Root CA 1 G3QuoVadis Root CA 2QuoVadis Root CA 2 G3QuoVadis Root CA 3QuoVadis Root CA 3 G3QuoVadis Root Certification AuthorityRegistradores de España - CA RaízRoot CA Generalitat ValencianaRSA Security 2048 V3SAPO Class 2 Root CASAPO Class 3 Root CASAPO Class 4 Root CASaudi National Root CASaunalahden Serveri CASaunalahden Serveri CASecure Global CASecureNet CA Class ASecureNet CA RootSecureNet CA SGC RootSecureSign RootCA1SecureSign RootCA11SecureSign RootCA2SecureSign RootCA3SecureTrust CASecurity Communication EV RootCA1Security Communication RootCA1Security Communication RootCA2Serasa Certificate Authority ISerasa Certificate Authority IISerasa Certificate Authority IIISG TRUST SERVICES RACINESIA Secure Client CASIA Secure Server CAsigen-caSignet Root CAsigov-caSITHS CA v3SITHS Root CA v1Sonera Class1 CASonera Class2 CASSC GDL CA Root BSSC Root CA ASSC Root CA BSSC Root CA CStaat der Nederlanden EV Root CAStaat der Nederlanden Root CAStaat der Nederlanden Root CA - G2Staat der Nederlanden Root CA - G3Starfield Class 2 Certification AuthorityStarfield Root Certificate Authority - G2Starfield Services Root Certificate AuthorityStarfield Services Root Certificate Authority - G2StartCom Certification AuthorityStartCom Certification Authority G2S-TRUST Authentication and Encryption Root CA 2005:PNS-TRUST Universal Root CASwedish Government Root Authority v1Swedish Government Root Authority v2Swiss Government Root CA ISwiss Government Root CA IISwisscom Root CA 1Swisscom Root CA 2Swisscom Root EV CA 2SwissSign Gold CA - G2SwissSign Gold Root CA - G3SwissSign Platinum CA - G2SwissSign Platinum Root CA - G3SwissSign Silver CA - G2SwissSign Silver Root CA - G3Symantec Class 1 Public Primary Certification Authority - G4Symantec Class 1 Public Primary Certification Authority - G6Symantec Class 2 Public Primary Certification Authority - G4Symantec Class 2 Public Primary Certification Authority - G6Symantec Class 3 Public Primary Certification Authority - G4Symantec Class 3 Public Primary Certification Authority - G6SZAFIR ROOT CATC TrustCenter Class 2 CA IITC TrustCenter Class 3 CA IITC TrustCenter Class 4 CA IITC TrustCenter Universal CA ITC TrustCenter Universal CA IIITDC OCES CATeliaSonera Root CA v1Thailand National Root Certification Authority - G1Thawte Premium Server CAthawte Primary Root CAthawte Primary Root CA - G2thawte Primary Root CA - G3Thawte Server CAThawte Timestamping CATM Applied Business Root CertificateTRUST2408 OCES Primary CATrustCor ECA-1TrustCor RootCert CA-1TrustCor RootCert CA-2Trustis EVS Root CATrustis FPS Root CAT-TeleSec GlobalRoot Class 2T-TeleSec GlobalRoot Class 3TÜBITAK UEKAE Kök Sertifika Hizmet Saglayicisi - Sürüm 3Tunisian Root Certificate Authority - TunRootCA2TÜRKTRUST Elektronik Islem HizmetleriTÜRKTRUST Elektronik Islem HizmetleriTÜRKTRUST Elektronik Sertifika Hizmet SaglayicisiTÜRKTRUST Elektronik Sertifika Hizmet SaglayicisiTÜRKTRUST Elektronik Sertifika Hizmet SaglayicisiTÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H5TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H6TWCA Global Root CATWCA Root Certification AuthorityTWCA Root Certification AuthorityUCA Global RootUCA RootUSERTrust ECC Certification AuthorityUSERTrust RSA Certification AuthorityUTN - DATACorp SGCUTN-USERFirst-Client Authentication and EmailUTN-USERFirst-HardwareUTN-USERFirst-Network ApplicationsUTN-USERFirst-ObjectVAS Latvijas Pasts SSI(RCA)VeriSign Class 1 Public Primary Certification Authority - G3VeriSign Class 2 Public Primary Certification Authority - G3VeriSign Class 3 Public Primary Certification Authority - G3VeriSign Class 3 Public Primary Certification Authority - G4VeriSign Class 3 Public Primary Certification Authority - G5VeriSign Class 4 Public Primary Certification Authority - G3VeriSign Commercial Software Publishers CAVeriSign Trust NetworkVeriSign Universal Root Certification AuthorityVerizon Global Root CAVI Registru Centras RCSC (RootCA)Visa eCommerce RootVisa Information Delivery Root CAVRK Gov. Root CAWellsSecure Public Root Certificate AuthorityWellsSecure Public Root Certification Authority 01 G2XRamp Global Certification Authority 373 Certificates

 

Here is a list of rekoved certificates from Windows XP to New installation and running "rvkroots.exe" (Security Advisories):

Issued on behalf of: *.EGO.GOV.TR*.google.comAC DG Trésor SSLaddons.mozilla.orgAlpha Networks Inc.CN=Microsoft Online Svcs BPOS APAC CA4DigiNotar Cyber CADigiNotar Cyber CADigiNotar Cyber CADigiNotar PKIoverheid CA Organisatie - G2DigiNotar PKIoverheid CA OverheidDigiNotar PKIoverheid CA Overheid en BedrijvenDigiNotar Root CADigiNotar Root CADigiNotar Root CADigiNotar Root CA G2DigiNotar Services 1024 CADigisign Server ID - (Enrich)Digisign Server ID (Enrich)D-LINK CORPORATIONe-islem.kktcmerkezbankasi.orgglobal trusteeKEEBOX, INClogin.live.comlogin.skype.comlogin.yahoo.comlogin.yahoo.comlogin.yahoo.commail.google.comMCSHOLDING TESTMicrosoft CorporationMicrosoft CorporationMicrosoft Enforced Licensing Intermediate PCAMicrosoft Enforced Licensing Intermediate PCAMicrosoft Enforced Licensing Registration Authority CA (SHA1)Microsoft Genuine Windows Phone Public Preview CA01Microsoft IPTVe CAMicrosoft Online CA001Microsoft Online Svcs BPOS APAC CA1Microsoft Online Svcs BPOS APAC CA2Microsoft Online Svcs BPOS APAC CA3Microsoft Online Svcs BPOS APAC CA5Microsoft Online Svcs BPOS APAC CA6Microsoft Online Svcs BPOS CA1Microsoft Online Svcs BPOS CA2Microsoft Online Svcs BPOS CA2Microsoft Online Svcs BPOS CA2Microsoft Online Svcs BPOS EMEA CA1Microsoft Online Svcs BPOS EMEA CA2Microsoft Online Svcs BPOS EMEA CA3Microsoft Online Svcs BPOS EMEA CA4Microsoft Online Svcs BPOS EMEA CA5Microsoft Online Svcs BPOS EMEA CA6Microsoft Online Svcs CA1Microsoft Online Svcs CA1Microsoft Online Svcs CA3Microsoft Online Svcs CA3Microsoft Online Svcs CA4Microsoft Online Svcs CA4Microsoft Online Svcs CA5Microsoft Online Svcs CA5Microsoft Online Svcs CA6NIC CA 2011NIC CA 2014NIC Certifying AuthorityTRENDnet, Inc.www.google.comwww.live.fi 68 Certificates

 

Based on the lists, you can look in the Certificate Manager and make a comparison.

 

:)

Well I have 566 trusted certificates and 60 untrusted certificates.

Some, but obviously not all, match those in your lists.

Should I be worried about this?

:)

Link to comment
Share on other sites

@Dave-H

 

Be worried, yes, but do not panic. Have you viewed the link at (Security Advisories), as some will be explained with regard also to obtain the update. Since the 4 currently revoked certificates are listed by the way. That you have more certificates may be because that your Windows already a very long time is in use where just already often a non-existent root certificate from Microsoft (crypt32) or you have certificates imported. On my host PC I have collected 456 certificates :D .

 

:)

Edited by heinoganda
Link to comment
Share on other sites

@blackwingcat

I just tried installing your October 2015 Root Certificates Update and Trend Internet Security blocked it as a "suspicious file"!

Presumable it's really OK, but I'd just like some reassurance......

:)

Link to comment
Share on other sites

Hi.

http://blog.livedoor.jp/blackwingcat/archives/1914441.html

Here is the reason.

 

I released KDW solutions before, they are detected false positive by any anti virus.

So my site is marked sometimes "suspicious site".

 

@blackwingcat

I just tried installing your October 2015 Root Certificates Update and Trend Internet Security blocked it as a "suspicious file"!

Presumable it's really OK, but I'd just like some reassurance......

:)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...