Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


heinoganda

Root Certificates and Revoked Certificates for Windows XP

Recommended Posts

@heinoganda I've been using ProxHTTPS for a few days and it works as expected, however I'm having issues with Mega as it says NET::ERR_CERT_COMMON_NAME_INVALID 

It's almost like if Mega actually knows that ProxHTTPS has changed the certificate information and refuses the connection thus preventing data leaks.

Any idea?

Oh, by the way, it would be interesting to add a TLS1.3 to TLS1.2 feature in the future (if Microsoft doesn't deliver TLS1.3 as promised).

Share this post


Link to post
Share on other sites

@FranceBB

I just tested Mega and could not detect this error (tested with Google Chrome 49.0.2623.112). Have changes been made to the "config.ini" file? Are your Windows XP Root Certificates up-to-date? Is the entry in the file "config.ini" present under [SSL Pass-Thru] *.mega.co.nz? Quit HTTPS Proxy, delete the contents of the "Certs" folder, and then restart. Maybe you give me the link via PM, where I can check where the error lies. Unfortunately, there is no news for Python when it comes to supporting TLS 1.3.

:)

Edited by heinoganda

Share this post


Link to post
Share on other sites

I changed from "*.mega.co.nz" to "*mega.co.nz" in [SSL Pass-Thru] and it works.

Apparently, the ".co.nz" domain is just a redirect to the ".nz" domain, which is now the main one.

Removing the dot from the [SSL Pass-Thru] made it load correctly ;)

As to the certificates, of course I have them updated, I use your certificate updater on a regular basis :D

Quote

Unfortunately, there is no news for Python when it comes to supporting TLS 1.3.

Too bad. Maybe there will. Who knows. Time will tell. Still, I'm optimistic. ^_^

Edited by FranceBB

Share this post


Link to post
Share on other sites

Well I deleted all the files in the certificate cache folders, and cleaned the registry of all the system certificate entries.
There were then no certificates recorded as being installed on the machine at all.
On reboot a new lot were downloaded, with no error messages, and I then ran the Certificate Updater to get the rest of them restored.
So far, so good, I guess I won't know until the next automatic update whether this has finally laid this problem to rest.
From past experience, I'm not holding out a lot of hope!
:no:

 

Share this post


Link to post
Share on other sites

CertUpd.jpg

Update for root certificates:

New:

CN = emSign ECC Root CA - C3
O = eMudhra Inc
OU = emSign PKI
C = US

CN = emSign ECC Root CA - G3
O = eMudhra Technologies Limited
OU = emSign PKI
C = IN

CN = emSign Root CA - C1
O = eMudhra Inc
OU = emSign PKI
C = US

CN = emSign Root CA - C2
O = eMudhra Inc
OU = emSign PKI
C = US

CN = emSign Root CA - G1
O = eMudhra Technologies Limited
OU = emSign PKI
C = IN

CN = emSign Root CA - G2
O = eMudhra Technologies Limited
OU = emSign PKI
C = IN

Added again:

CN = Entrust Root Certification Authority - G4
OU = (c) 2015 Entrust, Inc. - for authorized use only
OU = See www.entrust.net/legal-terms
O = Entrust, Inc.
C = US

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

:)

Edited by heinoganda
  • Like 1

Share this post


Link to post
Share on other sites

Just to report that if you are using proxHTTPS and Whatsapp, you should add *web.whatsapp.com* to [SSL Pass-Thru] otherwise it's not gonna let you login for whatever reason. ^_^

Cheers.

Edited by FranceBB

Share this post


Link to post
Share on other sites

@FranceBB

Thanks for the info, will complement the entry in the config.ini for future updates on HTTPS proxy. This information helps to improve the functionality for all users of HTTPS Proxy. :thumbup 

Annotation:
Alone I can not test all websites / programs in this world for the function with HTTPS proxy.

:)

Edited by heinoganda
  • Like 1

Share this post


Link to post
Share on other sites

Well my purging of the certificates on my machine didn't work.
:no:
 

Image2.jpg

In fact I'm now getting so many errors on every boot that they're being suppressed to avoid swamping the log!
:(

I'm still really surprised that no-one else seems to be having this problem, as it's happening exactly the same on my netbook too, which has never had any changes made to its certificate system, it hasn't even had any manual updates applied using @heinoganda's updater or by any other means!

Edited by Dave-H
Addition

Share this post


Link to post
Share on other sites

Since you mentioned it, I've started getting said errors on September 13. Never had any changes made to certificate system.

Edited by Tangy
Additional info

Share this post


Link to post
Share on other sites

Dave-H - you are not alone!!!  My XP Applications Event Viewer page looks exactly like yours, ending with the same Warning.

And I run Heinoganda's cert_updater every few months, which splits the timeline into alternate universes.  However, I have not tried any of the other suggestions in this thread.

Share this post


Link to post
Share on other sites

Good, well that's three of us at least with the same issue!
I'm sure he will correct me if I'm wrong, but I don't think running or not running Heinoganda's certificate updater has anything to do with these errors, as I think that updates something different to what the crypt32 updates are. As those crypt32 automatic updates are still happening, and were for ages after XP EOL before the errors started, they must be something different to what the certificate updater is designed to update, which is presumably something now no longer updated automatically by the OS.
As I said, I've never run the certificate updater on my netbook, or done any other manual updates or alterations to any of the certificates system on that machine, and the errors have started there too, although they did take a lot longer to start appearing there than they did on my main machine for some reason.
:)

Share this post


Link to post
Share on other sites

I have had these errors as well, though never to the extent as Dave-H, and not at boot.  They come--and then go away--over time.

I will try to keep closer tabs on my Event Viewer, to see if I can determine what I'm doing when they happen.

Share this post


Link to post
Share on other sites

Fresh install of XP, IE gives a ton of errors everywhere. Seems most if not all certs are invalid, I'm going to try this.

Maxthon gives the same or similar issues, which uses Windows crypt dlls.

Edited by SRainharp

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...