
Root Certificates and Revoked Certificates for Windows XP


heinoganda

On 29 May 2020 at 11:20 PM, heinoganda said:

Update for root certificates:

New:

CN = GlobalSign Client Authentication Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Client Authentication Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Code Signing Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Code Signing Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Document Signing Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Document Signing Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Secure Mail Root E45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Secure Mail Root R45
O = GlobalSign nv-sa
C = BE

CN = GlobalSign Timestamping Root R45
O = GlobalSign nv-sa
C = BE



 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

:)

A number of these are elliptic curve certificates; they can be installed in the registry, but I believe that neither the XP OS nor any software that relies on its cryptography will be able to use them.

Edited by loblo

  • 2 weeks later...

@heinoganda

Hi,

first of all my thanks for the Root and Revoked certificates update.:worship:

Would it be possible to change the download website?

I did a test with the latest Chrome build.

I couldn't see the download button without disabling uBlock Origin.

 

 


After disabling, the browser is subjected to fingerprinting actions:


 

and finally the download uses an insecure protocol:

RSA AES 256 CBC SHA 256

Edited by Sampei.Nihira

On 9/4/2020 at 3:58 PM, Dave-H said:

I think that's the first time for a very long time that the date has been the same on all the entries in the list!

That's not true. There are two unchanged files:

  • roots.sst is the same as it was 2 years ago, dated 2018-04-18;
  • disallowedcert.sst is the same as it was a year ago, dated 2019-08-13.

They were just freshly copied to that download server; other servers may still keep old copies.


The files contain only certificates with different timestamps; there is no specific metadata with a global timestamp inside. The updater always shows timestamps taken from the server. If you re-upload any old file, it will have a new timestamp.


Ah, so the date displayed in the updater is simply the date of the file on the server, not necessarily the date of its contents.
I still reckon it's been a very long time since they were all displayed with the same date, so I guess for some reason they've all been replaced on the server at the same time, or at least on the same day!
:)


  • 3 weeks later...
On 9/9/2020 at 8:42 PM, Usher said:

The files contain only certificates with different timestamps; there is no specific metadata with a global timestamp inside. The updater always shows timestamps taken from the server. If you re-upload any old file, it will have a new timestamp.


Only the updroots.sst file has the changed content, the other files have not changed.

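The point made in the posts above (the updater shows the server's file date, not a date for the contents) can be checked by comparing the certificates inside two copies of an .sst file instead of their dates. The following Python code is an added example, not part of the thread or of Cert_Updater. It assumes the serialized-store layout of an 8-byte header (version 0, "CERT") followed by id/encoding/length elements, with id 32 holding the DER certificate; `build_sst` and its blobs are constructed placeholders, not real certificates.

```python
import hashlib
import struct

SST_MAGIC = 0x54524543   # ASCII "CERT" read as little-endian DWORD (assumed layout)
CERT_ELEMENT = 32        # element id that carries the DER certificate (assumed)

def sst_thumbprints(data: bytes) -> set:
    """Return SHA-1 thumbprints (the Windows convention) of every certificate."""
    if len(data) < 8:
        raise ValueError("too short for an SST header")
    version, magic = struct.unpack_from("<II", data, 0)
    if version != 0 or magic != SST_MAGIC:
        raise ValueError("not a serialized certificate store")
    prints, pos = set(), 8
    while pos + 12 <= len(data):
        elem_id, _encoding, size = struct.unpack_from("<III", data, pos)
        pos += 12
        if elem_id == 0:                  # all-zero trailer ends the store
            break
        if pos + size > len(data):
            raise ValueError("truncated element")
        if elem_id == CERT_ELEMENT:       # other ids are per-certificate properties
            prints.add(hashlib.sha1(data[pos:pos + size]).hexdigest())
        pos += size
    return prints

def compare_stores(old: bytes, new: bytes) -> dict:
    """Compare two stores by content, ignoring file dates and certificate order."""
    a, b = sst_thumbprints(old), sst_thumbprints(new)
    return {"added": sorted(b - a), "removed": sorted(a - b), "unchanged": len(a & b)}

def build_sst(blobs) -> bytes:
    """Constructed sample data: pack placeholder blobs into the assumed layout."""
    out = struct.pack("<II", 0, SST_MAGIC)
    for blob in blobs:
        out += struct.pack("<III", 3, 1, 4) + b"\x02\x00\x00\x00"  # a property, skipped
        out += struct.pack("<III", CERT_ELEMENT, 1, len(blob)) + blob
    return out + bytes(12)

if __name__ == "__main__":
    old = build_sst([b"constructed-cert-A", b"constructed-cert-B"])
    recopied = build_sst([b"constructed-cert-B", b"constructed-cert-A"])
    updated = build_sst([b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"])
    print("re-uploaded copy:", compare_stores(old, recopied))
    print("real update:     ", compare_stores(old, updated))
```

For real files, read each copy with `open(path, "rb").read()` and pass the bytes to `compare_stores`.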

  • 2 weeks later...

Hi,

Sorry if this is a stupid question but I downloaded "heinoganda's Cert_Updater.exe" 1.6 and tried to update the Root Certificates on my Windows XP Pro SP3 but all I get is the following despite the network working just fine...

 


 

Are there any specific requirements before running the updater? Any specific services needed to be running?

Any help appreciated...

 

 

Edited by KeyCat

@KeyCat
FWIW the updater is still working fine for me.
AFAIK it's a standalone program which doesn't depend on anything else, apart from an internet connection of course!
It looks likely to me that you have something blocking its connection.
:)

Edited by Dave-H
Addition

That did the trick!

Manually downloaded the *.sst files and then ran...

updroots authroots.sst
updroots updroots.sst
updroots -l roots.sst
updroots -d delroots.sst
updroots -l -u disallowedcert.sst

 

58 minutes ago, Dave-H said:

@KeyCat
FWIW the updater is still working fine for me.
AFAIK it's a standalone program which doesn't depend on anything else, apart from an internet connection of course!
It looks likely to me that you have something blocking its connection.
:)

Thanks for the input Dave!

Still haven't figured out why heinoganda's Cert_Updater 1.6 doesn't run on my XP and there is nothing blocking it? It works fine when tested in W7 and W10...

Anyway, I got the certificates updated on my XP by doing it manually as mentioned above.

Edited by KeyCat