Updating Trusted Root CA

[Jim]

If you are working on a "legacy" system on windows where do you go to for
an update of the trusted root CA lists? If any have expired or have
gone...with the wind, should I delete or let an update program perform this
action? Are the Intermediate CA's being updated also? tia-maria

 

[Paul Adare]

On Tue, 6 May 2008 16:31:18 -0400, Jim wrote:

> If you are working on a "legacy" system on windows where do you go to for
> an update of the trusted root CA lists? If any have expired or have
> gone...with the wind, should I delete or let an update program perform this
> action? Are the Intermediate CA's being updated also? tia-maria

If the application in question does not use the normal Windows APIs for
certificate management then you'll need to check with the application
vendor for this kind of information.
If the application is written to conform to the relevant RFCs then
intermediate certificates should be retrieved from the AIA location in the
certificate(s) it is consuming.

--
Paul Adare
http://www.identit.ca
The value of a program is proportional to the weight of its output.

 

[Jim]

I was referring to the certificate store onboard the local system. Windows
update would have an option to update these Trusted and Intermediate CA's.
However if windows 98se or 2k etc. windows update is no longer supported...
for these OS. Some of these CA's are still valid thru 2020 and some have
expired. Others have gone out of biz. Although I have not had problem with
these CA's, I was wondering where one would update the CA list for this
store and is it necessary to police the list prior if ever. The only CA's
that I have ever deleted were outdated personal and other peoples.

"Paul Adare" <pkadare@gmail.com> wrote in message
news:6phi6rerajiz$.1blg493mphjs$.dlg@40tude.net...
> On Tue, 6 May 2008 16:31:18 -0400, Jim wrote:
>
> > If you are working on a "legacy" system on windows where do you go to
for
> > an update of the trusted root CA lists? If any have expired or have
> > gone...with the wind, should I delete or let an update program perform
this
> > action? Are the Intermediate CA's being updated also? tia-maria
>
> If the application in question does not use the normal Windows APIs for
> certificate management then you'll need to check with the application
> vendor for this kind of information.
> If the application is written to conform to the relevant RFCs then
> intermediate certificates should be retrieved from the AIA location in the
> certificate(s) it is consuming.
>
> --
> Paul Adare
> http://www.identit.ca
> The value of a program is proportional to the weight of its output.

 

[Paul Adare]

On Wed, 7 May 2008 10:19:25 -0400, Jim wrote:

> I was referring to the certificate store onboard the local system. Windows
> update would have an option to update these Trusted and Intermediate CA's.

Root CAs only. Windows Update does not update intermediate CAs.

> However if windows 98se or 2k etc. windows update is no longer supported...
> for these OS. Some of these CA's are still valid thru 2020 and some have
> expired. Others have gone out of biz. Although I have not had problem with
> these CA's, I was wondering where one would update the CA list for this
> store and is it necessary to police the list prior if ever. The only CA's
> that I have ever deleted were outdated personal and other peoples.

If you feel the need to then manually manage the list. There's really no
point.

--
Paul Adare
http://www.identit.ca
Profanity is the one language all programmers know best.