Guest Jim Posted May 6, 2008 Posted May 6, 2008 If you are working on a "legacy" system on windows; where do you go to for an update of the trusted root CA lists? If any have expired or have gone...with the wind, should I delete or let an update program perform this action? Are the Intermediate CA's being updated also? tia-maria Quote
Guest Paul Adare Posted May 7, 2008 Posted May 7, 2008 On Tue, 6 May 2008 16:31:18 -0400, Jim wrote: <span style="color:blue"> > If you are working on a "legacy" system on windows; where do you go to for > an update of the trusted root CA lists? If any have expired or have > gone...with the wind, should I delete or let an update program perform this > action? Are the Intermediate CA's being updated also? tia-maria</span> If the application in question does not use the normal Windows APIs for certificate management then you'll need to check with the application vendor for this kind of information. If the application is written to conform to the relevant RFCs then intermediate certificates should be retrieved from the AIA location in the certificate(s) it is consuming. -- Paul Adare http://www.identit.ca The value of a program is proportional to the weight of its output. Quote
Guest Jim Posted May 7, 2008 Posted May 7, 2008 I was referring to the certificate store onboard the local system. Windows update would have an option to update these Trusted and Intermediate CA's. However if windows 98se or 2k etc. windows update is no longer supported... for these OS. Some of these CA's are still valid thru 2020 and some have expired. Others have gone out of biz. Although I have not had problem with these CA's, I was wondering where one would update the CA list for this store and is it necessary to police the list prior if ever. The only CA's that I have ever deleted were outdated personal and other peoples. "Paul Adare" <pkadare@gmail.com> wrote in message news:6phi6rerajiz$.1blg493mphjs$.dlg@40tude.net...<span style="color:blue"> > On Tue, 6 May 2008 16:31:18 -0400, Jim wrote: ><span style="color:green"> > > If you are working on a "legacy" system on windows; where do you go to</span></span> for<span style="color:blue"><span style="color:green"> > > an update of the trusted root CA lists? If any have expired or have > > gone...with the wind, should I delete or let an update program perform</span></span> this<span style="color:blue"><span style="color:green"> > > action? Are the Intermediate CA's being updated also? tia-maria</span> > > If the application in question does not use the normal Windows APIs for > certificate management then you'll need to check with the application > vendor for this kind of information. > If the application is written to conform to the relevant RFCs then > intermediate certificates should be retrieved from the AIA location in the > certificate(s) it is consuming. > > -- > Paul Adare > http://www.identit.ca > The value of a program is proportional to the weight of its output.</span> Quote
Guest Paul Adare Posted May 7, 2008 Posted May 7, 2008 On Wed, 7 May 2008 10:19:25 -0400, Jim wrote: <span style="color:blue"> > I was referring to the certificate store onboard the local system. Windows > update would have an option to update these Trusted and Intermediate CA's.</span> Root CAs only. Windows Update does not update intermediate CAs. <span style="color:blue"> > However if windows 98se or 2k etc. windows update is no longer supported... > for these OS. Some of these CA's are still valid thru 2020 and some have > expired. Others have gone out of biz. Although I have not had problem with > these CA's, I was wondering where one would update the CA list for this > store and is it necessary to police the list prior if ever. The only CA's > that I have ever deleted were outdated personal and other peoples.</span> If you feel the need to then manually manage the list. There's really no point. -- Paul Adare http://www.identit.ca Profanity is the one language all programmers know best. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.