
System Certificates Updater (The easy way)


loblo


Get rvkroots.exe (Google), extract updroots.exe from it and put it in some folder. Get Curl: https://rwijnsma.home.xs4all.nl/files/curl/curl-7.69.1-mbedtls-zlib-win32-static-xpmod-sse.7z and unpack in the same folder. Then you just run the following batch file:

-----------------------------------------------------------------------------------------------------------------------------------------
curl -O http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authroots.sst 
curl -O http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/delroots.sst
curl -O http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcert.sst
curl -O http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/roots.sst
curl -O http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/updroots.sst
updroots authroots.sst
updroots updroots.sst
updroots -l roots.sst
updroots -d delroots.sst
updroots -l -u disallowedcert.sst
cls

-----------------------------------------------------------------------------------------------------------------------------------------

Done, takes 20 seconds to update, no complicated nonsense like they do in the XP forum. ;)
 

Edited by loblo
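
Added example, not part of the original post: the batch file above fetches the .sst files over plain HTTP and passes them straight to updroots, so listing what each store contains before importing it is a useful check. This Python script assumes the Microsoft serialized certificate store layout (8-byte header, then id/encoding/length records, with the certificate DER in property id 32 and its properties in the records before it); `make_sample` builds a constructed store so the script also runs offline.

```python
import hashlib
import struct
import sys

SST_MAGIC = 0x54524543          # "CERT" read as a little-endian DWORD
PROP_SHA1, PROP_FRIENDLY_NAME, PROP_CERT = 3, 11, 32   # CryptoAPI property ids

def parse_sst(data):
    """Return one dict per certificate found in a serialized store."""
    if len(data) < 8:
        raise ValueError("too short for an SST header")
    version, magic = struct.unpack_from("<II", data, 0)
    if version != 0 or magic != SST_MAGIC:
        raise ValueError("not a serialized certificate store")
    certs, props, pos = [], {}, 8
    while pos + 12 <= len(data):
        prop_id, _enc, length = struct.unpack_from("<III", data, pos)
        pos += 12
        if prop_id == 0:                      # end-of-store marker
            break
        if pos + length > len(data):
            raise ValueError("truncated record at offset %d" % (pos - 12))
        value = data[pos:pos + length]
        pos += length
        if prop_id != PROP_CERT:              # property of the cert that follows
            props[prop_id] = value
            continue
        sha1 = hashlib.sha1(value).hexdigest().upper()
        stored = props.get(PROP_SHA1)         # hash recorded inside the store
        name = props.get(PROP_FRIENDLY_NAME, b"").decode("utf-16-le", "replace")
        certs.append({"thumbprint": sha1, "name": name.rstrip("\0"),
                      "der_len": len(value),
                      "hash_ok": stored is None or stored.hex().upper() == sha1})
        props = {}
    return certs

def make_sample():
    """Constructed sample store: one placeholder blob, not a real certificate."""
    der = b"\x30\x03\x02\x01\x01"
    def rec(prop_id, value):
        return struct.pack("<III", prop_id, 1, len(value)) + value
    return (struct.pack("<II", 0, SST_MAGIC)
            + rec(PROP_SHA1, hashlib.sha1(der).digest())
            + rec(PROP_FRIENDLY_NAME, "Example Root\0".encode("utf-16-le"))
            + rec(PROP_CERT, der) + struct.pack("<III", 0, 0, 0))

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample()
    for c in parse_sst(blob):
        print(c["thumbprint"], c["der_len"], c["hash_ok"], c["name"])
```

Run it with a downloaded .sst file name as the argument. Each thumbprint is the SHA-1 of the certificate's DER bytes, so it can be compared with the thumbprint a certificate viewer shows after the import.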


Sounds too good to be true...

I've searched around for hours, just trying to collect all files together first, and then tried to start that CURL thingee, but no luck :( It doesn't even start, my KernelEx isn't enough.

But that's just preparations for perhaps later, not planning to do this fully now without the slightest clue how to UNDO it, in case it messes my system. Not enough space for a full system or even win-folder backup anymore, grmpf.

And wondering, do you know if that method would work in XP/Vista/Win7 too?
During my search above came across this forum topic, last post looks very similar, but from 2016 and no system specified:
https://www.computerbase.de/forum/threads/untrusted-certificates-microsoft-entschaerft-gefaehrliche-dell-zertifikate.1536888/
This bit looked also interesting: Run > certmgr.msc

Edited by siria

You need Updroots.exe from one of the unofficial SP's for 98SE or ME. It is inside ROOTSUPD.cab in UMECU105A : - 2017 updates. There has been a later update in a SP somewhere. Curl I think is for auto updating but I do not know. It might stand for CertificateUpdateRemoteLink. Curl works with KernelEx with 2K settings. Just collect all the SST files and put them in your system folder then run the script. There will be an INF in the SP files that will make things easy. To view MSC files you need MMC installed but MMC, Microsoft Management Console, is useless for modern MSC files. It is best to interrogate registry with another application I think. MSTOOLS may have one but I need to check.

Edited by Goodmaneuver

Very basically the root certificates are a reference on the certificate signing authority site, the secure web site you are communicating and the client machine - you, so that the secure web site communications can be checked for genuineness. Otherwise you may have to force your browser to proceed or not. The root certificates should be kept up to date. It should work for other OS's that can use Microsoft Serialized Certificate Store - SST files. I know 2K and XP do and because the links to download them are not OS specific I assume the others do too. There is a difference between registry vs 4 and vs 5 though where long values more than 2048 bytes must be stored as files with the file names stored in the registry. I get an overflow in my icon cache to the Windows folder named ShellIconCache - keep an eye out, when it approaches 16kB then a boot into safe mode is required to reset it. https://support.microsoft.com/en-us/help/256986/windows-registry-information-for-advanced-users

Edited by Goodmaneuver
grammar correction

Something to requirements (my system Win ME, but that shouldn't matter here):

KernelEx 4.5.2: The Update fails, no matter how curl is set. Error: 1. "Curl.exe is linked to missing export-Kernel32.dll: FindFirstVolumeW" / 2. UpdRoots -open SrcStore failed=>0x2(2)

KernelEx 4.5.2015.9, but with kexbasen 8: It works with an error "Curl.exe is linked to missing export-Kernel32.dll: FindFirstVolumeW". Adding this API to Kexstubs could help to avoid the error message.

KernelEx - latest Update 24: The update worked perfectly. Set the curl.exe to 2k. Update 24 supports FindFirstVolumeW.


@schwups

You can replace curl with wget, or any other similar program that is able to download files.

Or you can instead download the files manually with your browser :P

Actually, try running this in the command prompt or a bat file:

explorer.exe http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authroots.sst
explorer.exe http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/delroots.sst
explorer.exe http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcert.sst
explorer.exe http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/roots.sst
explorer.exe http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/updroots.sst
pause

updroots authroots.sst
updroots updroots.sst
updroots -l roots.sst
updroots -d delroots.sst
updroots -l -u disallowedcert.sst

You should get 5 Open/Save/Cancel dialogs. Select to save in the same folder as updroots, then after all 5 are downloaded switch to the command prompt window and press a key.

 


  • 2 weeks later...

I obtained the above SST files and ran the updroots thing - got no messages after each command (so I assumed no errors).  Does this take effect immediately or is a reboot required?

Is there any sort of on-line test or check to see if these certs are working correctly?

 
