Jump to content

Root Certificates and Revoked Certificates for Windows XP


Recommended Posts

Hello again,

First: My apologies for double-posting.

I just tried this on a Windows XP Professional x64 Edition SP2 VM after removing the "Update Root Certificates" Windows component, and this is what it looks like:


I took a look at the certificate store before and after, and certificates were indeed added and removed. The intermediate certificate authority revocation list stayed the same though. But it appears to be working as intended, I guess? Nothing related was logged into the system logs, no errors either.

Just a minor suggestion: I think it should say "Root Certificates", not "Roots Certificates".

Thanks for your work!

Link to comment
Share on other sites

TLS v1.2 doesn't work. Like I said, the corresponding Windows update simply doesn't exist for XP x64 (or Server 2003 x64). There is no x64 version of POSReady2009 after all, so my Windows SSL is stuck at TLS v1.0.

Maybe there is a corresponding update for companies which paid up to get continued support for Server 2003 x64, but no such update was ever leaked to the public as far as I know.

Link to comment
Share on other sites

2 hours ago, GrandAdmiralThrawn said:

TLS v1.2 doesn't work. Like I said, the corresponding Windows update simply doesn't exist for XP x64 (or Server 2003 x64). There is no x64 version of POSReady2009 after all, so my Windows SSL is stuck at TLS v1.0.

Then your best shot is ProxHTTPSProxyMII

Link to comment
Share on other sites

When using Internet Explorer? If so, then very interesting. Then the question would be: Which update gives TLS v1.2 on XP x64? I've tracked all the updates that came out for Server 2003 x64 (after XP x64 went EoL), and there was no TLS v1.2 update included, unless I've overlooked something.

Link to comment
Share on other sites

6 minutes ago, Usher said:

AFAIK, you should search for Windows Server 2003 x64 updates.

The only update I'm aware is KB948963 that is a cipher upgrade to enable AES128 and AES256 in WinSSL...

Link to comment
Share on other sites

4 hours ago, Usher said:

AFAIK, you should search for Windows Server 2003 x64 updates.

I'm sorry, but just 2 posts before I said that I had tracked Server 2003 x64 updates since the EoL of XP x64. You can find my corresponding list [here]. Also, as said, maybe I've just overlooked something. But my searches don't turn up any TLS 1.2 update for Windows SSL on Server 2003 x64 or XP x64.

Of course, I can use it with New Moon, but that's not what this is about. I want this for IE8 to upgrade certain softwares which use the IE8 engine to access secure websites (some license activation systems do this, e.g. the one that comes with Adobe Photoshop CS6).

Edit @FranceBB: You're right about ProxHTTPSProxyMII of course. Just saying, so you don't think I'm ignoring your suggestions. :) But if there's a way to get this done with some Windows Update on XP x64, I'd prefer that way. If at all possible.

Edited by GrandAdmiralThrawn
Link to comment
Share on other sites

On 4/21/2020 at 8:55 AM, GrandAdmiralThrawn said:

I'm sorry, but just 2 posts before I said that I had tracked Server 2003 x64 updates since the EoL of XP x64. You can find my corresponding list [here]. Also, as said, maybe I've just overlooked something. But my searches don't turn up any TLS 1.2 update for Windows SSL on Server 2003 x64 or XP x64.

Unfortunately, I can't find KB numbers, only dates and info about Windows Server 2003. I suspect there might be updates for 32-bit version there.

On the list you have linked above there are only two strictly related updates: KB4018271 for IE8 x64 and KB948963 for AES. Update for IE is too old to contain properly working TLS 1.1/1.2 implementation (latest fixes were in KB4483187 in December 2018, EDIT: and possibly in cumulative update KB4493435 for IE8 in April 2019), and there is no update for SHA hashes and TLS 1.1/1.2 themselves (they were in KB4019276 for XP 32-bit, released after KB4018271 for IE8 64-bit).


Of course, if I find any new info, I will post it here…

Edited by Usher
added last IE8 update
Link to comment
Share on other sites

Thank you!

Also, it'd be interesting to hear of any leaks of updates sourced from paid support (which are not available to the public). There should be some companies which still get them after all. Would violate the license agreement to release them I presume, but still.

I would've tried to actually pay Microsoft for them myself, but unfortunately, this service is not available for private individuals. ;)

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...