blackwingcat Posted October 20, 2015 Posted October 20, 2015 http://blog.livedoor.jp/blackwingcat/archives/1914304.html I made an update root certificate + untrust roots for Windows 2000/XP/2003 before.But, its version number is uniquely. You can download from here.http://w2k.flxsrv.org/wlu/wlu.htm rootsupd201510.exe 2
PROBLEMCHYLD Posted October 21, 2015 Posted October 21, 2015 I just updated Win98 and XP with blackwingcat and 5eraph version. Thanks guys.
heinoganda Posted October 21, 2015 Author Posted October 21, 2015 (edited) On the topic of unique identifiers for Windows Update or Microsoft Update by "rvkroots.exe" and "rootsupd.exe". Have taken the trouble and made in VMware a clean Windows XP SP3 installation. Now, the current status (10/21/2015) are not root certificate update and revoked certificates offered more! What ultimately means that the unique identifier of "rvkroots.exe" and "rootsupd.exe" no more influence has in Windows Update or Microsoft Update (As for me, I would this regard, do not change these Version entries. I see an attack point to the Windows XP user to get rid not pay for extended support.)! (In May 2014 it was still relevant because I have occupied myself at an early stage with the problem of root certificate updates. Because Microsoft is starting as Windows Vista, after a system update, only the root certificate loading when required or tested for revoked certificates and thus stripped on an elegant way of Windows XP users.) Thus, this issue has done. Note: Has anyone ever looked at the date to the contribution of "rvkroots.exe" and "rootsupd.exe" I have posted on the forum? That irritates me very much. @blackwingcat In "rvkroots.exe" one can understand the version number yet, but with "rootsupd.exe" there is a future confusion if everyone thinks he would have updated again at a current time. Here's an excerpt of my updated list: Spoiler rootsupd.exe 11/11/2013 v40 replaced! Root certificates November 2013 WU MU MSDC rvkroots.exe 12/12/2013 v5 replaced! revoke certificates! WU MU MSDC rootsupd.exe 03/10/2014 v41 replaced! Root certificates March 2014 MSDC ----------------------------------------------------------------------------------------- End of Support April 2014 ----------------------------------------------------------------------------------------- rvkroots.exe 07/10/2014 v6 replaced! revoke certificates! (KB2982792) MSDC SM rootsupd.exe 11/21/2014 v42 ? replaced! Root certificates November 2014 SM rootsupd.exe 02/10/2015 v43 ? replaced! Root certificates Februar 2015 SM rootsupd.exe 03/09/2015 v44 ? replaced! Root certificates March 2015 SM rvkroots.exe 03/17/2015 v7 replaced! revoke certificates! (KB3046310) MSDC SM rvkroots.exe 03/25/2015 v8 replaced! revoke certificates! (KB3050995) MSDC SM rootsupd.exe 04/14/2015 v45 ? replaced! Root certificates April 2015 SM rootsupd.exe 06/25/2015 v46 ? replaced! Root certificates Juni 2015 SM rootsupd.exe 09/03/2015 v47 ? Root certificates September 2015 SM rvkroots.exe 09/24/2015 v9 revoke certificates (KB3097966) SM Note: SMWU = Windows Update MU = Microsoft Update MSDC = Microsoft Download Center SM = Self made Secondly, no problem at WU and MU is a corresponding query in order to introduce users to exclude from WU or MU. (This may in Windows 2000 and older versions of Windows to play no role, but in Windows XP, there still functional updates are distributed.) Edited March 14, 2016 by heinoganda
hmuellers Posted October 22, 2015 Posted October 22, 2015 (edited) ... Edited January 9, 2016 by hmuellers 1
Dave-H Posted October 22, 2015 Posted October 22, 2015 I was wondering about this too!My machine is still regularly putting "crypt32" entries into the Application Event Log that say "Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>".Is that doing what it should do anyway?
heinoganda Posted October 22, 2015 Author Posted October 22, 2015 (edited) @hmuellers Firefox and Oracle Java has its own certificate management and is not dependent on the Windows Internal Certificate Management. By comparison, Chrome, IExplorer, automatic updates, RDP 7 (Encrypted connection possible), ect . is dependent on the Windows Internal Certificate Management. Note: My .NET lists I have also been updated. @Dave-H Regarding the "crypt32" entries in the eventlog means that the root certificates in Windows is updated, if a certificate is detected that does not originate from a certified body. So to say only to need. (this function applies to experts as controversial possibly vulnerable, since possibly someone one could foist a rotten root certificate.) What however with revoked certificates under Windows XP (as Windows Vista automatically) does not take place! "rootsupd.exe" is of interest for a new installation or if this function (crypt32) subsequently uninstalled / deactivated. Here is a list of root certificates from Windows XP to New installation and running "rootsupd.exe": Spoiler Issued on behalf of: AAA Certificate Services AC Raíz Certicámara S.A. AC RAIZ DNIEAC RAIZ FNMT-RCM AC1 RAIZ MTIN ACCVRAIZ1 ACEDICOM Root ACNLB Actalis Authentication CA G1 Actalis Authentication Root CA AddTrust External CA Root AdminCA-CD-T01 Admin-Root-CA ADOCA02 AffirmTrust Commercial AffirmTrust Networking AffirmTrust Premium AffirmTrust Premium ECC America Online Root Certification Authority 1 ANCERT Certificados GN ANCERT Certificados CGN V2 ANCERT Certificados Notariales ANCERT Certificados Notariales V2 ANCERT Corporaciones de Derecho Publico ANF Global Root CA ANF Server CA Application CA G2 Application CA G3 Root ApplicationCA ApplicationCA2 Root ATHEX Root CA Atos TrustedRoot 2011 A-Trust-nQual-03 A-Trust-Qual-02 A-Trust-Qual-03 A-Trust-Root-05 Autoridad Certificadora de la Asociacion Nacional del Notariado Mexicano A.C.Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana A.C.Autoridad Certificadora Raiz de la Secretaria de Economia Autoridad Certificadora Raiz de la Secretaria de Economia Autoridad Certificadora Raíz Nacional de Uruguay Autoridad de Certificacion de la Abogacia Autoridad de Certificacion Firmaprofesional CIF A62634068 Autoridad de Certificacion Raiz del Estado Venezolano Autoridad de Certificacion Raiz del Estado Venezolano Autoridade Certificadora Raiz Brasileira v1 Autoridade Certificadora Raiz Brasileira v2 Baltimore CyberTrust Root Belgacom E-Trust Primary CA Buypass Class 2 CA 1 Buypass Class 2 Root CA Buypass Class 3 CA 1 Buypass Class 3 Root CA C&W HKT SecureNet CA Class A C&W HKT SecureNet CA Class B C&W HKT SecureNet CA Root C&W HKT SecureNet CA SGC RootCA 1 CA DATEV BT 01CA DATEV BT 02CA DATEV BT 03CA DATEV INT 01CA DATEV INT 02CA DATEV INT 03CA DATEV STD 01CA DATEV STD 02CA DATEV STD 03CA Disig CA Disig Root R1CA Disig Root R2CA WoSign ECC RootCA (Wosign China) CCA India 2011 CCA India 2014 CCA India 2015 SPL Certeurope Root CA 2 Certification Authority of WoSign Certification Authority of WoSign G2 CertignaCertinomis - Autorité RacineCertinomis - Root CA Certipost E-Trust Primary Normalised CA Certipost E-Trust Primary Qualified CA Certipost E-Trust TOP Root CA Certplus Root CA G1Certplus Root CA G2 certSIGN ROOT CA Certum CA Certum Trusted Network CA Certum Trusted Network CA 2C FCA EV ROOTCFCA GT CA Chambers of Commerce Root Chambers of Commerce Root - 2008 China Internet Network Information Center EV Certificates Root Cisco Root CA 2048 Cisco RXC-R2 Class 1 Primary CA Class 2 Primary CA Class 3 Primary CA Class 3 Public Primary Certification Authority Class 3P Primary CA Class 3TS Primary CA CNNIC ROOTCommon Policy COMODO Certification Authority COMODO ECC Certification Authority COMODO RSA Certification Authority ComSign Advanced Security CA ComSign CAComSign Global Root CA ComSign Secured CA Copyright (c) 1997 Microsoft Corp. Correo Uruguayo - Root CA Cybertrust Global Root Deutsche Telekom Root CA 1 Deutsche Telekom Root CA 2 DigiCert Assured ID Root CA DigiCert Assured ID Root G2 DigiCert Assured ID Root G3 DigiCert Global Root CA DigiCert Global Root G2 DigiCert Global Root G3 DigiCert High Assurance EV Root CA DigiCert Trusted Root G4 Digidentity L3 Root CA - G2 DST ACES CA X6DST Root CA X3D-TRUST Root CA 3 2013 D-TRUST Root Class 2 CA 2007 D-TRUST Root Class 3 CA 2 2009 D-TRUST Root Class 3 CA 2 EV 2009 D-TRUST Root Class 3 CA 2007 EBG Elektronik Sertifika Hizmet SaglayicisiEC-ACCE-CERT ROOT CA Echoworx Root CA2 ECRaizEstadoEE Certification Centre Root CA e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S2 E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S3E-ME SSI (RCA) Entrust Root Certification Authority Entrust Root Certification Authority - EC1 Entrust Root Certification Authority - G2 Entrust.net Certification Authority (2048) Entrust.net Secure Server Certification Authoritye PKI Root Certification Authority Equifax Secure Certificate Authority Equifax Secure Global eBusiness CA-1esignit.org E-Tugra Certification Authority EUnet International Root CA Federal Common Policy CA FESTE, Public Notary Certs FESTE, Verified CertsFirst Data Digital Certificates Inc. Certification Authority FNMT Clase 2 CA Fotanúsítványkiadó - Kormányzati Hitelesítés SzolgáltatóGDCA TrustAUTH R5 ROOT GeoTrust Global CA GeoTrust Global CA 2 GeoTrust Primary Certification Authority GeoTrust Primary Certification Authority - G2 GeoTrust Primary Certification Authority - G3 GeoTrust Universal CA GeoTrust Universal CA 2 Global Chambersign Root Global Chambersign Root - 2008 GlobalSign GlobalSign GlobalSign GlobalSign GlobalSign GlobalSign Root CA GlobalSign Root CA GLOBALTRUST Go Daddy Class 2 Certification Authority Go Daddy Root Certificate Authority - G2 Government Root Certification Authority Government Root Certification Authority GPKIRootCA GPKIRootCA1 GTE CyberTrust Global Root Halcom CA FO Halcom CA PO 2 Halcom Root CA Hellenic Academic and Research Institutions RootCA 2011 Hongkong Post Root CA 1 I.CA - Qualified Certification Authority, 09/2009 I.CA - Qualified root certificate I.CA - Standard Certification Authority, 09/2009I.CA - Standard root certificate IdenTrust Commercial Root CA 1 IdenTrust Public Sector Root CA 1 IGC/AIGC/A AC racine Etat francais Izenpe.com Izenpe.com JCAN Root CA1 Juur-SKKEYNECTIS ROOT CA KISA RootCA 1 LAWtrust Root Certification Authority 2048 LuxTrust Global Root Macao Post eSignTrust Root Certification Authority (G02) Microsec e-Szigno Root CA Microsec e-Szigno Root CA 2009 Microsoft Authenticode(tm) Root Authority Microsoft Root Authority Microsoft Root Certificate Authority Microsoft Root Certificate Authority 2010 Microsoft Root Certificate Authority 2011 MULTICERT Root Certification Authority 01 NetLock Arany (Class Gold) FotanúsítványNetLock Kozjegyzoi (Class A) TanusitvanykiadoNetLock Minositett Kozjegyzoi (Class QA) TanusitvanykiadoNetLock Platina (Class Platinum) FotanúsítványNetrust CA1 Network Solutions Certificate Authority NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. Notarius Root Certificate Authority OATI WebCARES Root CA OISTE WISeKey Global Root GA CA OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 PersonalID Trustworthy RootCA 2011 Post.Trust Root CA Posta CA Root POSTArCA PostSignum Root QCA 2 PTT Post Root CA Public Notary Root QuoVadis Root CA 1 G3 QuoVadis Root CA 2 QuoVadis Root CA 2 G3 QuoVadis Root CA 3 QuoVadis Root CA 3 G3 QuoVadis Root Certification Authority Registradores de España - CA RaízRoot CA Generalitat Valenciana RSA Security 2048 V3 SAPO Class 2 Root CA SAPO Class 3 Root CA SAPO Class 4 Root CA Saudi National Root CA Saunalahden Serveri CA Saunalahden Serveri CA Secure Global CA SecureNet CA Class A SecureNet CA Root SecureNet CA SGC Root SecureSign RootCA1 SecureSign RootCA11 SecureSign RootCA2 SecureSign RootCA3 SecureTrust CA Security Communication EV RootCA1 Security Communication RootCA1 Security Communication RootCA2 Serasa Certificate Authority I Serasa Certificate Authority II Serasa Certificate Authority III SG TRUST SERVICES RACINESIA Secure Client CA SIA Secure Server CA sigen-ca Signet Root CA sigov-ca SITHS CA v3 SITHS Root CA v1 Sonera Class1 CA Sonera Class2 CA SSC GDL CA Root B SSC Root CA A SSC Root CA B SSC Root CA C Staat der Nederlanden EV Root CA Staat der Nederlanden Root CA Staat der Nederlanden Root CA - G2 Staat der Nederlanden Root CA - G3 Starfield Class 2 Certification Authority Starfield Root Certificate Authority - G2 Starfield Services Root Certificate Authority Starfield Services Root Certificate Authority - G2 StartCom Certification Authority StartCom Certification Authority G2 S-TRUST Authentication and Encryption Root CA 2005:PNS-TRUST Universal Root CA Swedish Government Root Authority v1 Swedish Government Root Authority v2 Swiss Government Root CA I Swiss Government Root CA II Swisscom Root CA 1 Swisscom Root CA 2 Swisscom Root EV CA 2 SwissSign Gold CA - G2 SwissSign Gold Root CA - G3 SwissSign Platinum CA - G2 SwissSign Platinum Root CA - G3 SwissSign Silver CA - G2 SwissSign Silver Root CA - G3 Symantec Class 1 Public Primary Certification Authority - G4 Symantec Class 1 Public Primary Certification Authority - G6 Symantec Class 2 Public Primary Certification Authority - G4 Symantec Class 2 Public Primary Certification Authority - G6 Symantec Class 3 Public Primary Certification Authority - G4 Symantec Class 3 Public Primary Certification Authority - G6 SZAFIR ROOT CA TC TrustCenter Class 2 CA II TC TrustCenter Class 3 CA II TC TrustCenter Class 4 CA II TC TrustCenter Universal CA I TC TrustCenter Universal CA III TDC OCES CA TeliaSonera Root CA v1 Thailand National Root Certification Authority - G1 Thawte Premium Server CA thawte Primary Root CA thawte Primary Root CA - G2 thawte Primary Root CA - G3 Thawte Server CA Thawte Timestamping CA TM Applied Business Root Certificate TRUST2408 OCES Primary CA TrustCor ECA-1 TrustCor RootCert CA-1 TrustCor RootCert CA-2 Trustis EVS Root CA Trustis FPS Root CA T-TeleSec GlobalRoot Class 2 T-TeleSec GlobalRoot Class 3 TÜBITAK UEKAE Kök Sertifika Hizmet Saglayicisi - Sürüm 3Tunisian Root Certificate Authority - TunRootCA2 TÜRKTRUST Elektronik Islem Hizmetleri TÜRKTRUST Elektronik Islem Hizmetleri TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H5 TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H6 TWCA Global Root CA TWCA Root Certification Authority TWCA Root Certification Authority UCA Global Root UCA Root USERTrust ECC Certification Authority USERTrust RSA Certification Authority UTN - DATACorp SGC UTN-USERFirst-Client Authentication and Email UTN-USERFirst-Hardware UTN-USERFirst-Network Applications UTN-USERFirst-ObjectVAS Latvijas Pasts SSI(RCA) VeriSign Class 1 Public Primary Certification Authority - G3 VeriSign Class 2 Public Primary Certification Authority - G3 VeriSign Class 3 Public Primary Certification Authority - G3 VeriSign Class 3 Public Primary Certification Authority - G4 VeriSign Class 3 Public Primary Certification Authority - G5 VeriSign Class 4 Public Primary Certification Authority - G3 VeriSign Commercial Software Publishers CA VeriSign Trust Network VeriSign Universal Root Certification Authority Verizon Global Root CA VI Registru Centras RCSC (RootCA) Visa eCommerce Root Visa Information Delivery Root CA VRK Gov. Root CA WellsSecure Public Root Certificate Authority WellsSecure Public Root Certification Authority 01 G2 XRamp Global Certification Authority 373 Certificates Here is a list of rekoved certificates from Windows XP to New installation and running "rvkroots.exe" (Security Advisories): Spoiler Issued on behalf of: *.EGO.GOV.TR *.google.com AC DG Trésor SSL addons.mozilla.org Alpha Networks Inc. CN=Microsoft Online Svcs BPOS APAC CA4 DigiNotar Cyber CA DigiNotar Cyber CA DigiNotar Cyber CA DigiNotar PKIoverheid CA Organisatie - G2 DigiNotar PKIoverheid CA Overheid DigiNotar PKIoverheid CA Overheid en Bedrijven DigiNotar Root CA DigiNotar Root CA DigiNotar Root CA DigiNotar Root CA G2 DigiNotar Services 1024 CA Digisign Server ID - (Enrich) Digisign Server ID (Enrich) D-LINK CORPORATION e-islem.kktcmerkezbankasi.orgglobal trusteeKEEBOX, INC login.live.com login.skype.com login.yahoo.com login.yahoo.com login.yahoo.com mail.google.com MCSHOLDING TEST Microsoft Corporation Microsoft Corporation Microsoft Enforced Licensing Intermediate PCA Microsoft Enforced Licensing Intermediate PCA Microsoft Enforced Licensing Registration Authority CA (SHA1) Microsoft Genuine Windows Phone Public Preview CA01 Microsoft IPTVe CA Microsoft Online CA001 Microsoft Online Svcs BPOS APAC CA1 Microsoft Online Svcs BPOS APAC CA2 Microsoft Online Svcs BPOS APAC CA3 Microsoft Online Svcs BPOS APAC CA5 Microsoft Online Svcs BPOS APAC CA6 Microsoft Online Svcs BPOS CA1 Microsoft Online Svcs BPOS CA2 Microsoft Online Svcs BPOS CA2 Microsoft Online Svcs BPOS CA2 Microsoft Online Svcs BPOS EMEA CA1 Microsoft Online Svcs BPOS EMEA CA2 Microsoft Online Svcs BPOS EMEA CA3 Microsoft Online Svcs BPOS EMEA CA4 Microsoft Online Svcs BPOS EMEA CA5 Microsoft Online Svcs BPOS EMEA CA6 Microsoft Online Svcs CA1 Microsoft Online Svcs CA1 Microsoft Online Svcs CA3 Microsoft Online Svcs CA3 Microsoft Online Svcs CA4 Microsoft Online Svcs CA4 Microsoft Online Svcs CA5 Microsoft Online Svcs CA5 Microsoft Online Svcs CA6 NIC CA 2011 NIC CA 2014 NIC Certifying Authority TRENDnet, Inc. www.google.com www.live.fi 68 Certificates Based on the lists, you can look in the Certificate Manager and make a comparison. Edited March 14, 2016 by heinoganda
hmuellers Posted October 22, 2015 Posted October 22, 2015 (edited) ... Edited January 9, 2016 by hmuellers
hmuellers Posted October 22, 2015 Posted October 22, 2015 (edited) ... Edited January 9, 2016 by hmuellers
heinoganda Posted October 22, 2015 Author Posted October 22, 2015 (edited) @hmuellersDamage can be a root certificates update is not (Unfortunately, I do not know what the future Microsoft still plans), but safety relevant are the revoked certificates! (Since it's enough if automatic updates are enabled, you might get accidental harmful update because the safety chain is open.) On the subject of the .NET Framework installation with update (.NET 3.5 and 4) I have times with the "hotfixinstaller" in the update packages deals. Now, all .NET 3.5 updates, and .NET 4 updates have each combined into one package. A test installation under VMware with a processor (2.4 Ghz) and 512MB memory (Complete .NET 3.5 & 4) I have 25 minutes. required! What do you think about it? Edited October 22, 2015 by heinoganda
hmuellers Posted October 22, 2015 Posted October 22, 2015 (edited) ... Edited January 9, 2016 by hmuellers
heinoganda Posted October 22, 2015 Author Posted October 22, 2015 (edited) @hmuellersQuite simple really, look here https://technet.microsoft.com/en-us/library/security/3097966.aspx there are listed the current revoked certificates. Then look in your Certificate Manager on revoked certificates if present, would currently 68 certificates to be listed as disabled.By POSReady 2009 trick I have when I check by IExplorer the updates no corresponding update available to this day. (The same with automatic updates) Have times after the update (KB2677070) sought where the function of automatic update of revoked certificates implemented, there was no update for Windows XP incl. Div. Derivatives such as POSReady 2009 provided. Just because you entry in a registry making means that this is still far from this feature available. (The only thing that has Windows XP, which is at an unknown root certificate that is downloaded when needed at Microsoft. This has absolutely nothing to do with revoked certificates.) In short words, a way how to make do I have provided, ultimately can handle everyone as he wants, otherwise I am very realistic and facts speak for themselves. In .NET Framework I thought of update rollups that are of particular interest for new installations. (There are any resembled the *.msp files within a Hotfixinstallerpaket summarized) Edited October 23, 2015 by heinoganda
Dave-H Posted October 22, 2015 Posted October 22, 2015 @hmuellersFirefox and Oracle Java has its own certificate management and is not dependent on the Windows Internal Certificate Management. By comparison, Chrome, IExplorer, automatic updates, RDP 7 (Encrypted connection possible), ect . is dependent on the Windows Internal Certificate Management. Note: My .NET lists I have also been updated. @Dave-HRegarding the "crypt32" entries in the eventlog means that the root certificates in Windows is updated, if a certificate is detected that does not originate from a certified body. So to say only to need. (this function applies to experts as controversial possibly vulnerable, since possibly someone one could foist a rotten root certificate.) What however with revoked certificates under Windows XP (as Windows Vista automatically) does not take place! "rootsupd.exe" is of interest for a new installation or if this function (crypt32) subsequently uninstalled / deactivated. Here is a list of root certificates from Windows XP to New installation and running "rootsupd.exe":Issued on behalf of: AAA Certificate ServicesAC Raíz Certicámara S.A.AC RAIZ DNIEAC RAIZ FNMT-RCMAC1 RAIZ MTINACCVRAIZ1ACEDICOM RootACNLBActalis Authentication CA G1Actalis Authentication Root CAAddTrust External CA RootAdminCA-CD-T01Admin-Root-CAADOCA02AffirmTrust CommercialAffirmTrust NetworkingAffirmTrust PremiumAffirmTrust Premium ECCAmerica Online Root Certification Authority 1ANCERT Certificados CGNANCERT Certificados CGN V2ANCERT Certificados NotarialesANCERT Certificados Notariales V2ANCERT Corporaciones de Derecho PublicoANF Global Root CAANF Server CAApplication CA G2Application CA G3 RootApplicationCAApplicationCA2 RootATHEX Root CAAtos TrustedRoot 2011A-Trust-nQual-03A-Trust-Qual-02A-Trust-Qual-03A-Trust-Root-05Autoridad Certificadora de la Asociacion Nacional del Notariado Mexicano, A.C.Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C.Autoridad Certificadora Raiz de la Secretaria de EconomiaAutoridad Certificadora Raiz de la Secretaria de EconomiaAutoridad Certificadora Raíz Nacional de UruguayAutoridad de Certificacion de la AbogaciaAutoridad de Certificacion Firmaprofesional CIF A62634068Autoridad de Certificacion Raiz del Estado VenezolanoAutoridad de Certificacion Raiz del Estado VenezolanoAutoridade Certificadora Raiz Brasileira v1Autoridade Certificadora Raiz Brasileira v2Baltimore CyberTrust RootBelgacom E-Trust Primary CABuypass Class 2 CA 1Buypass Class 2 Root CABuypass Class 3 CA 1Buypass Class 3 Root CAC&W HKT SecureNet CA Class AC&W HKT SecureNet CA Class BC&W HKT SecureNet CA RootC&W HKT SecureNet CA SGC RootCA 1CA DATEV BT 01CA DATEV BT 02CA DATEV BT 03CA DATEV INT 01CA DATEV INT 02CA DATEV INT 03CA DATEV STD 01CA DATEV STD 02CA DATEV STD 03CA DisigCA Disig Root R1CA Disig Root R2CA WoSign ECC RootCA (Wosign China)CCA India 2011CCA India 2014CCA India 2015 SPLCerteurope Root CA 2Certification Authority of WoSignCertification Authority of WoSign G2CertignaCertinomis - Autorité RacineCertinomis - Root CACertipost E-Trust Primary Normalised CACertipost E-Trust Primary Qualified CACertipost E-Trust TOP Root CACertplus Root CA G1Certplus Root CA G2certSIGN ROOT CACertum CACertum Trusted Network CACertum Trusted Network CA 2CFCA EV ROOTCFCA GT CAChambers of Commerce RootChambers of Commerce Root - 2008China Internet Network Information Center EV Certificates RootCisco Root CA 2048Cisco RXC-R2Class 1 Primary CAClass 2 Primary CAClass 3 Primary CAClass 3 Public Primary Certification AuthorityClass 3P Primary CAClass 3TS Primary CACNNIC ROOTCommon PolicyCOMODO Certification AuthorityCOMODO ECC Certification AuthorityCOMODO RSA Certification AuthorityComSign Advanced Security CAComSign CAComSign Global Root CAComSign Secured CACopyright (c) 1997 Microsoft Corp.Correo Uruguayo - Root CACybertrust Global RootDeutsche Telekom Root CA 1Deutsche Telekom Root CA 2DigiCert Assured ID Root CADigiCert Assured ID Root G2DigiCert Assured ID Root G3DigiCert Global Root CADigiCert Global Root G2DigiCert Global Root G3DigiCert High Assurance EV Root CADigiCert Trusted Root G4Digidentity L3 Root CA - G2DST ACES CA X6DST Root CA X3D-TRUST Root CA 3 2013D-TRUST Root Class 2 CA 2007D-TRUST Root Class 3 CA 2 2009D-TRUST Root Class 3 CA 2 EV 2009D-TRUST Root Class 3 CA 2007EBG Elektronik Sertifika Hizmet SaglayicisiEC-ACCE-CERT ROOT CAEchoworx Root CA2ECRaizEstadoEE Certification Centre Root CAe-Guven Kok Elektronik Sertifika Hizmet SaglayicisiE-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S2E-GUVEN Kok Elektronik Sertifika Hizmet Saglayicisi S3E-ME SSI (RCA)Entrust Root Certification AuthorityEntrust Root Certification Authority - EC1Entrust Root Certification Authority - G2Entrust.net Certification Authority (2048)Entrust.net Secure Server Certification AuthorityePKI Root Certification AuthorityEquifax Secure Certificate AuthorityEquifax Secure Global eBusiness CA-1esignit.orgE-Tugra Certification AuthorityEUnet International Root CAFederal Common Policy CAFESTE, Public Notary CertsFESTE, Verified CertsFirst Data Digital Certificates Inc. Certification AuthorityFNMT Clase 2 CAFotanúsítványkiadó - Kormányzati Hitelesítés SzolgáltatóGDCA TrustAUTH R5 ROOTGeoTrust Global CAGeoTrust Global CA 2GeoTrust Primary Certification AuthorityGeoTrust Primary Certification Authority - G2GeoTrust Primary Certification Authority - G3GeoTrust Universal CAGeoTrust Universal CA 2Global Chambersign RootGlobal Chambersign Root - 2008GlobalSignGlobalSignGlobalSignGlobalSignGlobalSignGlobalSign Root CAGlobalSign Root CAGLOBALTRUSTGo Daddy Class 2 Certification AuthorityGo Daddy Root Certificate Authority - G2Government Root Certification AuthorityGovernment Root Certification AuthorityGPKIRootCAGPKIRootCA1GTE CyberTrust Global RootHalcom CA FOHalcom CA PO 2Halcom Root CAHellenic Academic and Research Institutions RootCA 2011Hongkong Post Root CA 1I.CA - Qualified Certification Authority, 09/2009I.CA - Qualified root certificateI.CA - Standard Certification Authority, 09/2009I.CA - Standard root certificateIdenTrust Commercial Root CA 1IdenTrust Public Sector Root CA 1IGC/AIGC/A AC racine Etat francaisIzenpe.comIzenpe.comJCAN Root CA1Juur-SKKEYNECTIS ROOT CAKISA RootCA 1LAWtrust Root Certification Authority 2048LuxTrust Global RootMacao Post eSignTrust Root Certification Authority (G02)Microsec e-Szigno Root CAMicrosec e-Szigno Root CA 2009Microsoft Authenticode(tm) Root AuthorityMicrosoft Root AuthorityMicrosoft Root Certificate AuthorityMicrosoft Root Certificate Authority 2010Microsoft Root Certificate Authority 2011MULTICERT Root Certification Authority 01NetLock Arany (Class Gold) FotanúsítványNetLock Kozjegyzoi (Class A) TanusitvanykiadoNetLock Minositett Kozjegyzoi (Class QA) TanusitvanykiadoNetLock Platina (Class Platinum) FotanúsítványNetrust CA1Network Solutions Certificate AuthorityNO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.Notarius Root Certificate AuthorityOATI WebCARES Root CAOISTE WISeKey Global Root GA CAOpenTrust Root CA G1OpenTrust Root CA G2OpenTrust Root CA G3PersonalID Trustworthy RootCA 2011Post.Trust Root CAPosta CA RootPOSTArCAPostSignum Root QCA 2PTT Post Root CAPublic Notary RootQuoVadis Root CA 1 G3QuoVadis Root CA 2QuoVadis Root CA 2 G3QuoVadis Root CA 3QuoVadis Root CA 3 G3QuoVadis Root Certification AuthorityRegistradores de España - CA RaízRoot CA Generalitat ValencianaRSA Security 2048 V3SAPO Class 2 Root CASAPO Class 3 Root CASAPO Class 4 Root CASaudi National Root CASaunalahden Serveri CASaunalahden Serveri CASecure Global CASecureNet CA Class ASecureNet CA RootSecureNet CA SGC RootSecureSign RootCA1SecureSign RootCA11SecureSign RootCA2SecureSign RootCA3SecureTrust CASecurity Communication EV RootCA1Security Communication RootCA1Security Communication RootCA2Serasa Certificate Authority ISerasa Certificate Authority IISerasa Certificate Authority IIISG TRUST SERVICES RACINESIA Secure Client CASIA Secure Server CAsigen-caSignet Root CAsigov-caSITHS CA v3SITHS Root CA v1Sonera Class1 CASonera Class2 CASSC GDL CA Root BSSC Root CA ASSC Root CA BSSC Root CA CStaat der Nederlanden EV Root CAStaat der Nederlanden Root CAStaat der Nederlanden Root CA - G2Staat der Nederlanden Root CA - G3Starfield Class 2 Certification AuthorityStarfield Root Certificate Authority - G2Starfield Services Root Certificate AuthorityStarfield Services Root Certificate Authority - G2StartCom Certification AuthorityStartCom Certification Authority G2S-TRUST Authentication and Encryption Root CA 2005:PNS-TRUST Universal Root CASwedish Government Root Authority v1Swedish Government Root Authority v2Swiss Government Root CA ISwiss Government Root CA IISwisscom Root CA 1Swisscom Root CA 2Swisscom Root EV CA 2SwissSign Gold CA - G2SwissSign Gold Root CA - G3SwissSign Platinum CA - G2SwissSign Platinum Root CA - G3SwissSign Silver CA - G2SwissSign Silver Root CA - G3Symantec Class 1 Public Primary Certification Authority - G4Symantec Class 1 Public Primary Certification Authority - G6Symantec Class 2 Public Primary Certification Authority - G4Symantec Class 2 Public Primary Certification Authority - G6Symantec Class 3 Public Primary Certification Authority - G4Symantec Class 3 Public Primary Certification Authority - G6SZAFIR ROOT CATC TrustCenter Class 2 CA IITC TrustCenter Class 3 CA IITC TrustCenter Class 4 CA IITC TrustCenter Universal CA ITC TrustCenter Universal CA IIITDC OCES CATeliaSonera Root CA v1Thailand National Root Certification Authority - G1Thawte Premium Server CAthawte Primary Root CAthawte Primary Root CA - G2thawte Primary Root CA - G3Thawte Server CAThawte Timestamping CATM Applied Business Root CertificateTRUST2408 OCES Primary CATrustCor ECA-1TrustCor RootCert CA-1TrustCor RootCert CA-2Trustis EVS Root CATrustis FPS Root CAT-TeleSec GlobalRoot Class 2T-TeleSec GlobalRoot Class 3TÜBITAK UEKAE Kök Sertifika Hizmet Saglayicisi - Sürüm 3Tunisian Root Certificate Authority - TunRootCA2TÜRKTRUST Elektronik Islem HizmetleriTÜRKTRUST Elektronik Islem HizmetleriTÜRKTRUST Elektronik Sertifika Hizmet SaglayicisiTÜRKTRUST Elektronik Sertifika Hizmet SaglayicisiTÜRKTRUST Elektronik Sertifika Hizmet SaglayicisiTÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H5TÜRKTRUST Elektronik Sertifika Hizmet Saglayicisi H6TWCA Global Root CATWCA Root Certification AuthorityTWCA Root Certification AuthorityUCA Global RootUCA RootUSERTrust ECC Certification AuthorityUSERTrust RSA Certification AuthorityUTN - DATACorp SGCUTN-USERFirst-Client Authentication and EmailUTN-USERFirst-HardwareUTN-USERFirst-Network ApplicationsUTN-USERFirst-ObjectVAS Latvijas Pasts SSI(RCA)VeriSign Class 1 Public Primary Certification Authority - G3VeriSign Class 2 Public Primary Certification Authority - G3VeriSign Class 3 Public Primary Certification Authority - G3VeriSign Class 3 Public Primary Certification Authority - G4VeriSign Class 3 Public Primary Certification Authority - G5VeriSign Class 4 Public Primary Certification Authority - G3VeriSign Commercial Software Publishers CAVeriSign Trust NetworkVeriSign Universal Root Certification AuthorityVerizon Global Root CAVI Registru Centras RCSC (RootCA)Visa eCommerce RootVisa Information Delivery Root CAVRK Gov. Root CAWellsSecure Public Root Certificate AuthorityWellsSecure Public Root Certification Authority 01 G2XRamp Global Certification Authority 373 Certificates Here is a list of rekoved certificates from Windows XP to New installation and running "rvkroots.exe" (Security Advisories):Issued on behalf of: *.EGO.GOV.TR*.google.comAC DG Trésor SSLaddons.mozilla.orgAlpha Networks Inc.CN=Microsoft Online Svcs BPOS APAC CA4DigiNotar Cyber CADigiNotar Cyber CADigiNotar Cyber CADigiNotar PKIoverheid CA Organisatie - G2DigiNotar PKIoverheid CA OverheidDigiNotar PKIoverheid CA Overheid en BedrijvenDigiNotar Root CADigiNotar Root CADigiNotar Root CADigiNotar Root CA G2DigiNotar Services 1024 CADigisign Server ID - (Enrich)Digisign Server ID (Enrich)D-LINK CORPORATIONe-islem.kktcmerkezbankasi.orgglobal trusteeKEEBOX, INClogin.live.comlogin.skype.comlogin.yahoo.comlogin.yahoo.comlogin.yahoo.commail.google.comMCSHOLDING TESTMicrosoft CorporationMicrosoft CorporationMicrosoft Enforced Licensing Intermediate PCAMicrosoft Enforced Licensing Intermediate PCAMicrosoft Enforced Licensing Registration Authority CA (SHA1)Microsoft Genuine Windows Phone Public Preview CA01Microsoft IPTVe CAMicrosoft Online CA001Microsoft Online Svcs BPOS APAC CA1Microsoft Online Svcs BPOS APAC CA2Microsoft Online Svcs BPOS APAC CA3Microsoft Online Svcs BPOS APAC CA5Microsoft Online Svcs BPOS APAC CA6Microsoft Online Svcs BPOS CA1Microsoft Online Svcs BPOS CA2Microsoft Online Svcs BPOS CA2Microsoft Online Svcs BPOS CA2Microsoft Online Svcs BPOS EMEA CA1Microsoft Online Svcs BPOS EMEA CA2Microsoft Online Svcs BPOS EMEA CA3Microsoft Online Svcs BPOS EMEA CA4Microsoft Online Svcs BPOS EMEA CA5Microsoft Online Svcs BPOS EMEA CA6Microsoft Online Svcs CA1Microsoft Online Svcs CA1Microsoft Online Svcs CA3Microsoft Online Svcs CA3Microsoft Online Svcs CA4Microsoft Online Svcs CA4Microsoft Online Svcs CA5Microsoft Online Svcs CA5Microsoft Online Svcs CA6NIC CA 2011NIC CA 2014NIC Certifying AuthorityTRENDnet, Inc.www.google.comwww.live.fi 68 Certificates Based on the lists, you can look in the Certificate Manager and make a comparison. Well I have 566 trusted certificates and 60 untrusted certificates.Some, but obviously not all, match those in your lists.Should I be worried about this?
heinoganda Posted October 22, 2015 Author Posted October 22, 2015 (edited) @Dave-H Be worried, yes, but do not panic. Have you viewed the link at (Security Advisories), as some will be explained with regard also to obtain the update. Since the 4 currently revoked certificates are listed by the way. That you have more certificates may be because that your Windows already a very long time is in use where just already often a non-existent root certificate from Microsoft (crypt32) or you have certificates imported. On my host PC I have collected 456 certificates . Edited October 22, 2015 by heinoganda
Dave-H Posted October 23, 2015 Posted October 23, 2015 @blackwingcatI just tried installing your October 2015 Root Certificates Update and Trend Internet Security blocked it as a "suspicious file"!Presumable it's really OK, but I'd just like some reassurance......
blackwingcat Posted October 23, 2015 Posted October 23, 2015 Hi.http://blog.livedoor.jp/blackwingcat/archives/1914441.htmlHere is the reason. I released KDW solutions before, they are detected false positive by any anti virus.So my site is marked sometimes "suspicious site". @blackwingcatI just tried installing your October 2015 Root Certificates Update and Trend Internet Security blocked it as a "suspicious file"!Presumable it's really OK, but I'd just like some reassurance......
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now