Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

Root Certificates and Revoked Certificates for Windows XP


heinoganda
 Share

Recommended Posts

  • 2 weeks later...

  • 2 weeks later...
37 minutes ago, UCyborg said:

It won't. You already have ISRG Root X1 certificate if you keep certificates up-to-date with the updater here. Firefox based browsers are the special case that use their own certificate store.

:yes:

I have checked now.
The certificate is present:

100.jpg

TH.

:hello:

Link to comment
Share on other sites

I noticed my XP x64 doesn't handle certain certificates, eg.: Symantec Class 1 Public Primary Certification Authority - G4 - This certificate has an nonvalid digital signature.

I just installed an update KB3072630, which installs supposedly the latest crypt32.dll version 5.131.3790.5668, but the issue remains. Does the certificate use unsupported signature algorithm and this is just how it is on XP or is there a solution?

Link to comment
Share on other sites

My version of crypt32.dll is 5.131.2600.6459, which seems rather older than yours, although my system is 32 bit.
I looked at KB3072630, but that seems to be an update for the Windows Installer files, it doesn't contain crypt32.dll.
Is that correct?
:dubbio:

Link to comment
Share on other sites

On 11/11/2020 at 3:59 PM, UCyborg said:

I noticed my XP x64 doesn't handle certain certificates, eg.: Symantec Class 1 Public Primary Certification Authority - G4 - This certificate has an nonvalid digital signature.

My guess is that those certificates have sha2 digital signatures only.

Link to comment
Share on other sites

1 hour ago, UCyborg said:

OK, yes that version does contain crypt32.dll, as you say.
I was downloading the version of KB3072630 for Windows Embedded POSReady 2009 32 bit, which is right for my system, and that definitely doesn't contain crypt32.dll!
Why versions of the same patch for different versions of the OS should contain different files I have no idea, but I guess that maybe I do have the latest version of crypt32.dll for my system already.
:dubbio:

Link to comment
Share on other sites

2 hours ago, Vistapocalypse said:

My guess is that those certificates have sha2 digital signatures only.

Apparently XP has limited support for SHA-2 with only supported algorithm being RSA. The mentioned certificate uses ECDSA.

1 hour ago, Dave-H said:

but I guess that maybe I do have the latest version of crypt32.dll for my system already.

Probably, I haven't come across a POSReady 2009 update that would increase the version of crypt32.dll from 5.131.2600.6459.

  • Like 1
Link to comment
Share on other sites

  • 1 month later...
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...