Jump to content

Root Certificates and Revoked Certificates for Windows XP

heinoganda

By heinoganda
in Windows XP

 Share

Recommended Posts

  • 2 weeks later...

  • 2 weeks later...
Sampei.Nihira

Sampei.Nihira

Posted
Posted
37 minutes ago, UCyborg said:

It won't. You already have ISRG Root X1 certificate if you keep certificates up-to-date with the updater here. Firefox based browsers are the special case that use their own certificate store.

:yes:

I have checked now.
The certificate is present:

100.jpg

TH.

:hello:

Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted

I noticed my XP x64 doesn't handle certain certificates, eg.: Symantec Class 1 Public Primary Certification Authority - G4 - This certificate has an nonvalid digital signature.

I just installed an update KB3072630, which installs supposedly the latest crypt32.dll version 5.131.3790.5668, but the issue remains. Does the certificate use unsupported signature algorithm and this is just how it is on XP or is there a solution?

Link to comment
Share on other sites
Dave-H

Dave-H

Posted
Posted

My version of crypt32.dll is 5.131.2600.6459, which seems rather older than yours, although my system is 32 bit.
I looked at KB3072630, but that seems to be an update for the Windows Installer files, it doesn't contain crypt32.dll.
Is that correct?
:dubbio:

Link to comment
Share on other sites
Vistapocalypse

Vistapocalypse

Posted
Posted
On 11/11/2020 at 3:59 PM, UCyborg said:

I noticed my XP x64 doesn't handle certain certificates, eg.: Symantec Class 1 Public Primary Certification Authority - G4 - This certificate has an nonvalid digital signature.

My guess is that those certificates have sha2 digital signatures only.

Link to comment
Share on other sites
Dave-H

Dave-H

Posted
Posted
1 hour ago, UCyborg said:

It does contain crypt32.dll, you can peek inside the installer with 7-Zip.

http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/06/windowsserver2003-kb3072630-x64-enu_e4e5d7c372ddb9474fba3947d45a62cad7051a35.exe

OK, yes that version does contain crypt32.dll, as you say.
I was downloading the version of KB3072630 for Windows Embedded POSReady 2009 32 bit, which is right for my system, and that definitely doesn't contain crypt32.dll!
Why versions of the same patch for different versions of the OS should contain different files I have no idea, but I guess that maybe I do have the latest version of crypt32.dll for my system already.
:dubbio:

Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted
2 hours ago, Vistapocalypse said:

My guess is that those certificates have sha2 digital signatures only.

Apparently XP has limited support for SHA-2 with only supported algorithm being RSA. The mentioned certificate uses ECDSA.

1 hour ago, Dave-H said:

but I guess that maybe I do have the latest version of crypt32.dll for my system already.

Probably, I haven't come across a POSReady 2009 update that would increase the version of crypt32.dll from 5.131.2600.6459.

1
Link to comment
Share on other sites
  • 1 month later...
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...