Guest GOODAY
Posted July 16, 2008

Hello,

I've been unable to find out why the Update Root Certificate component is auto deleting an auto installed 3rd party root certificate.

Any help with the following closely related questions would be much appreciated

- In what circumstances does URC automatically delete a 3rd party root certificate?
- Are such automatic deletions specific to Vista?
- Can such deletions be disabled (without disabling URC?)

For example, a Vista laptop obtains a certificate on the 2nd of July, but the certificate is automatically deleted on the 3rd of July.

Here's the application event log extract.

    Level          Information
    Date and Time  02/07/2008 13:50:52
    Source         Microsoft-Windows-CAPI2
    Event ID       1
    Task Category  None
    Description    Successful auto update of third-party root certificate:: Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE> Sha1 thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.

    Level          Information
    Date and Time  03/07/2008 15:39:07
    Source         Microsoft-Windows-CAPI2
    Event ID       12
    Task Category  None
    Description    Successful auto delete of third-party root certificate:: Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE> Sha1 thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>
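The correlation the poster did by eye, as an added example that is not part of the original thread: it parses an Application log export in the layout quoted above and pairs each auto-update (Event ID 1) with the later auto-delete (Event ID 12) of the same SHA-1 thumbprint. The one-field-per-line layout and the function names are assumptions.

```python
import re
from datetime import datetime

AUTO_UPDATE, AUTO_DELETE = 1, 12  # event IDs as shown in the post's log extract
# The two records quoted in the post; one field per line is an assumed layout.
SAMPLE = """\
Level Information
Date and Time 02/07/2008 13:50:52
Source Microsoft-Windows-CAPI2
Event ID 1
Task Category None
Description Successful auto update of third-party root certificate:: Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE> Sha1 thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>.
Level Information
Date and Time 03/07/2008 15:39:07
Source Microsoft-Windows-CAPI2
Event ID 12
Task Category None
Description Successful auto delete of third-party root certificate:: Subject: <CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE> Sha1 thumbprint: <2F173F7DE99667AFA57AF80AA2D1B12FAC830338>
"""

RECORD = re.compile(
    r"Date and Time\s+(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}).*?"
    r"Source\s+Microsoft-Windows-CAPI2\s.*?Event ID\s+(?P<id>\d+).*?"
    r"Subject:\s*<(?P<subject>[^>]*)>.*?thumbprint:\s*<(?P<thumb>[0-9A-Fa-f]{40})>",
    re.DOTALL)

def parse_events(text):
    """Return (timestamp, event_id, subject, thumbprint) per CAPI2 record."""
    events = []
    for block in re.split(r"(?m)^Level\s", text):  # one block per exported record
        m = RECORD.search(block)
        if m:
            when = datetime.strptime(m["when"], "%d/%m/%Y %H:%M:%S")  # DD/MM/YYYY
            events.append((when, int(m["id"]), m["subject"], m["thumb"].upper()))
    return sorted(events)

def short_lived_roots(text):
    """Pair each auto-update with the next auto-delete of the same thumbprint."""
    installed, findings = {}, []
    for when, event_id, subject, thumb in parse_events(text):
        if event_id == AUTO_UPDATE:
            installed[thumb] = when
        elif event_id == AUTO_DELETE and thumb in installed:
            findings.append((thumb, subject, when - installed.pop(thumb)))
    return findings

if __name__ == "__main__":
    for thumb, subject, lifetime in short_lived_roots(SAMPLE):
        print(f"{thumb} ({subject}) was auto-deleted {lifetime} after auto-update")
```

Records from other sources, or without a subject and thumbprint, are skipped, so the same function can be run over a full Application log export.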

Guest Mark H
Posted July 16, 2008

Some clarity is needed:
The first assumption being made is that you are using Vista.
(Event ID 12 is different in the various versions of Windows.)

In Vista, Event ID 12 is the following...
The device device_name disappeared from the system without first being prepared for removal.
(A hot detach of a removable device.)

Example: http://support.microsoft.com/kb/945926

Back to 3rd party root certificates auto-deleting...
Are you attempting to program the effect in your application, or disable the effect on your machine?

CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE
Setting this flag inhibits the auto update of third-party roots from the Windows Update Web Server.
Note: Unless the computer this certificate is being applied to has Server updates, this function will not work.

Basics of certificate update operation: http://www.tech-faq.com/root-certificate-update.shtml
(Disabling of the function may cause other problems.)

Preventing auto-deletion per user requires that _each user_ add the certificate to the Trusted Root Certificate Authorities repository. If this is not done, the certificate will auto-delete each time the user logs out of Internet Explorer.
http://www.thebitguru.com/articles/13-Impo...Windows%20Vista

Guest GOODAY
Posted July 16, 2008

Re: Event ID 12 "Successful auto delete of third-party root certif

Hello Mark,

Many thanks for your reply.

As indicated in the original post, the example event log was from Vista and the event log export is exactly as shown, so event ID 12, when viewing the application log at least, is the certificate auto delete.

The questions were

Q - In what circumstances does URC automatically delete a 3rd party root certificate?
A - If I understand your reply correctly, the certificate will be deleted in all instances when a user exits Internet Explorer (please confirm)

Q - Are such automatic deletions specific to Vista?
A - ?

Q - Can such deletions be disabled (without disabling URC?)
A - No, user must add manually to the Trusted Root Certificate Authorities repository or else disable the Update Root Certificate Component (please confirm)

Many thanks,

Andrew

Guest Mark H
Posted July 16, 2008

Re: Event ID 12 "Successful auto delete of third-party root certif

See in-line.

"GOODAY" <GOODAY@discussions.microsoft.com> wrote in message news:4E2F0BAA-5CFD-4062-AA1A-26BF5C11056B@microsoft.com...

> Hello Mark,
>
> Many thanks for your reply.
>
> As indicated in the original post, the example event log was from Vista and the event log export is exactly as shown, so event ID 12, when viewing the application log at least, is the certificate auto delete.

I have no doubt that you gave the proper information. Just pointing out that MS doesn't associate the two.

> The questions were
>
> Q - In what circumstances does URC automatically delete a 3rd party root certificate?
>
> A - If I understand your reply correctly, the certificate will be deleted in all instances when a user exits Internet Explorer (please confirm)

This is my understanding, but response differs depending upon UAC and IE 7 Protected mode setup. Additionally, some server updates to computers allow 3rd party certificates to survive when the flag discussed is set to false, .NET is disabled/uninstalled, URC is uninstalled, or the certificate is added to the Trusted repository by the user (which requires Admin rights.) This process can be automated within installation files, but not directly from the web without additional UAC interaction. Automated files would require manifests designating elevated access.

> Q - Are such automatic deletions specific to Vista?
> A-

I believe this is true, but recent changes to XP / IE7 may include the same functionality? I'm not sure where the UAC/Protected mode boundary breaks this function as I have not tested it.

It is discussed as being applicable to XP SP2 in the following presentation:
http://msevents.microsoft.com/CUI/WebCastE...&CountryCode=US

> Q - Can such deletions be disabled (without disabling URC?)
> A - No, user must add manually to the Trusted Root Certificate Authorities repository or else disable the Update Root Certificate Component (please confirm)

Again, my understanding.
Note: User addition to TRCA requires Admin rights (UAC approval)
MSDN/TechNet has a rather lengthy white-paper on this, but I was unable to find it again.

Disabling URC is again a UAC level function accomplished either in Group Policies or by uninstallation. Several Google hits indicate that URC re-installs itself, meaning a stronger understanding is needed here on how to permanently disable it.

Since I do not understand the exact situation/need, here are some additional references:

Advanced Certificate Enrollment and Management:
http://www.microsoft.com/technet/prodtechn...ty/advcert.mspx

Active Directory Certificate Server Enhancements
http://www.microsoft.com/downloads/details...&displaylang=en

While these point to Windows 2003 Server and XP applicability, they are strongly crossed over into Vista.

So, in the end, I only half-answered your questions.