Certificate store integrity

M

midimaker

Hi all


My certificate revocation list includes the certificates superseding those in use on my computer - , and alarmingly the MS TPM authority?


Issued To Issued By Expiration Date Intended Purposes Friendly Name Status Certificate Template


EUS-NTC-KEYID-23F4E22AD3BE374A44<last22redacted> Microsoft TPM Root Certificate Authority 2014 21/03/2025 1.3.6.1.4.1.311.21.36, Attestation Identity Key Certificate <None>


Microsoft TPM Root Certificate Authority 2014 Microsoft TPM Root Certificate Authority 2014 10/12/2039 <All> <None>

Microsoft Windows Hardware Compatibility Microsoft Root Authority 31/12/2002 Code Signing, Windows Hardware Driver Verification <None>


Root Agency Root Agency 31/12/2039 <All> <None>


SurfEasy Intermediate CA SurfEasy CA 18/02/2023 <All> <None>

www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Class 3 Public Primary Certification Authority 24/10/2016 Server Authentication, Client Authentication, 2.16.840.1.113730.4.1, 2.16.840.1.113733.1.8.1 <None>

--------------------


I've also noticed certificates with additional properties including things like "KeyID=" in the text of the KeyID box; along with other data; and it really should be one information unit per box, excluding title.


My surfwasy cert as an eg:


KeyID=5f43......

Certificate Issuer:

Directory Address:

*** Email address is removed for privacy ***

CN=SurfEasy CA

O=SurfEasy

L=Toronto

S=Ontario

C=CA

Certificate SerialNumber=00e3......


How can a typical windows user be sure the CA list is correct - I can find shockingly tiny amounts of info probably because if there's a CA issue , it'd be easy to filter out the fix


Continue reading...
 
Back
Top Bottom