Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


heinoganda

Root Certificates and Revoked Certificates for Windows XP

Recommended Posts

Posted (edited)
On 29 May 2020 at 11:20 PM, heinoganda said:

Update for root certificates:

New:

CN = GlobalSign Client Authentication Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Client Authentication Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Code Signing Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Code Signing Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Document Signing Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Document Signing Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Secure Mail Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Secure Mail Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Timestamping Root R45
O = GlobalSign nv-sa
C = BE



 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

:)

A number of these are elliptic curve certificates, they can be installed in the registry but I believe that neither the XP OS nor any software that relies on its cryptography will be able to use them.

Edited by loblo

Share this post


Link to post
Share on other sites

Thanks!
:thumbup
I think that's the first time for a very long time that the date has been the same on all the entries in the list!
:)

Share this post


Link to post
Share on other sites

@heinoganda

Hi,

first of all my thanks for the Root and Revoked certificates update.:worship:

Would it be possible to change the download website?

I did a test with the latest Chrome build.

I couldn't see the download button without disabling uBlock Origin.

 

 

FTvJpgNX_t.jpg

After disablingthe browser is subjected to fingerprinting actions:

Uqfk2xvo_t.jpg

 

and finally the download uses an insecure protocol:

RSA AES 256 CBC SHA 256

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites
On 9/4/2020 at 3:58 PM, Dave-H said:

I think that's the first time for a very long time that the date has been the same on all the entries in the list!

That's not true. There are two unchanged files:

  • roots.sst is the same as it was 2 years ago, dated 2018-04-18;
  • disallowedcert.sst is the same as it was a year ago, dated 2019-08-13.

They were just freshly copied to that download server, other servers may still keep old copies.

Share this post


Link to post
Share on other sites

So why is the updater showing all the files with the same file date?
It doesn't normally do that.
:dubbio:

Share this post


Link to post
Share on other sites

The files contain only certificates with different timestamps, there is no specific metadata with global timestamp inside. The updater always shows timestamps taken from the server. If you re-upload any old file, it will have a new timestamp.

Share this post


Link to post
Share on other sites

Ah, so the date displayed in the updater is simply the date of the file on the server, not necessarily the date of its contents.
I still reckon it's been a very long time since they were all displayed with the same date, so I guess for some reason they've all been replaced on the server at the same time, or at least on the same day!
:)

Share this post


Link to post
Share on other sites
On 9/9/2020 at 8:42 PM, Usher said:

The files contain only certificates with different timestamps, there is no specific metadata with global timestamp inside. The updater always shows timestamps taken from the server. If you re-upload any old file, it will have a new timestamp.

CAupdater.png.a4e0918fcfdb2c1a7dab1a2505ca9eaf.png

Only the updroots.sst file has the changed content, the other files have not changed.

Share this post


Link to post
Share on other sites
Posted (edited)

Hi,

Sorry if this is a stupid question but I downloaded "heinoganda's Cert_Updater.exe" 1.6 and tried to update the Root Certificates on my Windows XP Pro SP3 but all I get is the following despite the network working just fine...

 

1.png.ea2f6b2e893968cad0601178a1b388d7.png

2.png.c42d59985d23ba2946527e8b5a90b128.png

 

Are there any specific requirements before running the updater? Any specific services needed to be running?

Any help appreciated...

 

 

Edited by KeyCat

Share this post


Link to post
Share on other sites

@KeyCat

Try this instead until you get help for heinoganda's Cert_Updater

 

Edited by RainyShadow
  • Like 1

Share this post


Link to post
Share on other sites

Thanks Rainy, will check it out!

 

Share this post


Link to post
Share on other sites

@KeyCat
FWIW the updater is still working fine for me.
AFAIK it's a standalone program which doesn't depend on anything else, apart from an internet connection of course!
It looks likely to me that you have something blocking its connection.
:)

Edited by Dave-H
Addition

Share this post


Link to post
Share on other sites

That did the trick!

Manually downloaded the *.sst files manually and then ran...

updroots authroots.sst
updroots updroots.sst
updroots -l roots.sst
updroots -d delroots.sst
updroots -l -u disallowedcert.sst

 

58 minutes ago, Dave-H said:

@KeyCat
FWIW the updater is still working fine for me.
AFAIK it's a standalone program which doesn't depend on anything else, apart from an internet connection of course!
It looks likely to me that you have something blocking its connection.
:)

Thanks for the input Dave!

Still havent figured out why heinoganda's Cert_Updater 1.6 doesn't run on my XP and there is nothing blocking it? It works fine when tested in W7 and W10...

Anyway, I got the certificates updated on my XP by doing it manually as mentioned above.

Edited by KeyCat
  • Like 1

Share this post


Link to post
Share on other sites

Have you tried booting into "safe mode with networking" and trying it then?
:dubbio:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...