Root Certificates and Revoked Certificates for Windows XP

[egrabrych]

[Dave-H]

Thank you!

[egrabrych]

Only the roots.sst file has the same content, the other 3 files have changed.

[Dave-H]

Thanks!

I'm slightly puzzled though, I've run the updater, and one of the files isn't the same date as you've got.

delroots.sst is showing 12th October 2020, and not 23rd February 2021 as on your image.

[dencorso]

Retry again latter. I've seen that happen before... it's just some stray poltergeist inside MS machines, nothing really serious. 

[XPerceniol]

2 hours ago, dencorso said:

Retry again latter. I've seen that happen before... it's just some stray poltergeist inside MS machines, nothing really serious. 

I've (personally) found this evil entity hiding once in my machine - the only fix (I can recall) was to burn sage in the room and it was expelled out by sunrise. If the doesn't work, you're only hope is an exorcist. Sorry.. I just couldn't resist

See what a helpful member I am of this (here) forum ... I guess that online course I took in 'electronics possession' (truly) did pay off.

Edited March 3, 2021 by XPerceniol

[Dave-H]

Just checked again and all is correct now.
The spook has been laid to rest!

[1d5]

Sadly doesnt work :( still have the connection error screen

[egrabrych]

[i430VX]

5 hours ago, 1d5 said:

Sadly doesnt work still have the connection error screen

It most probably IS working, but it may not be doing what you'd want it to. If youre trying to make secure connections on windows XP using chrome or IE8, it is very hit-or-miss due to rather abysmal cipher support. Try using Firefox, or one of its zillion XP-Friendly derivities, and if your problem is what I described, you won't have the issue any longer.

Certificates don't add ciphers.

[1d5]

5 hours ago, i430VX said:

It most probably IS working, but it may not be doing what you'd want it to. If youre trying to make secure connections on windows XP using chrome or IE8, it is very hit-or-miss due to rather abysmal cipher support. Try using Firefox, or one of its zillion XP-Friendly derivities, and if your problem is what I described, you won't have the issue any longer.

Certificates don't add ciphers.

I use the latest version of firefox that is available for Windows XP though

[i430VX]

Then the certificate updater for windows XP will not solve your problem. Firefox does its own thing with certificates. Your problem must be somewhere else.

Possibilities:

-The server you're trying to reach actually does not exist
-Your internet connection is having issues.
-Your LAN is not configured properly
-You have no drivers for your NIC(s)
-Your system time/date is not correct.

Let us know if any of those happen to be it.

If it still doesn't work, please provide more details than "connection error screen" (like, what site(s) are you attempting to visit, exact error details, system configuration, etc)

[Vistapocalypse]

7 hours ago, 1d5 said:

I use the latest version of firefox that is available for Windows XP though

Welcome to MSFN. If this issue only occurs at a limited number of websites, then those sites might possibly require TLS 1.3. Firefox 52.9 supported TLS 1.2 by default, but also had optional support for an early draft of 1.3 (roytam1’s browsers have better support for 1.3 though). To activate this option in Firefox:

https://www.ghacks.net/2017/06/15/how-to-enable-tls-1-3-support-in-firefox-and-chrome/

[i430VX]

Slightly OT, but ARE there sights that actually require TLS1.3 yet? Other than the usual sites designed soley for testing that?

[Usher]

AFAIK some sites allow either TLS 1.2 with strongest cipher suites (Elliptic Curves etc.) or TLS 1.3 only.

Internet standards for TLS 1.0 (RFC 2246) and for TLS 1.1 (RFC 4346) are marked as HISTORIC now so they shouldn't be used any more.