Guest Vadim Rapp Posted November 4, 2008 Posted November 4, 2008 Hello, in the event log of several machines, I noticed entries about failed attempt to download the lsit of trusted authorities from http://www.download.windowsupdate.com/msdo...authrootstl.cab . The problem was in proxy server - I opened the port and it was then downloaded. But while I was trying it, I actually downloaded the cab, unpacked it, and looked at the file - certificate trust list "authroot"; when opened, it said that "this certificate trust list is not valid. The certifiate that signed the list is not valid". Viewing the signature shows: "The certificate is not valid for the requested usage". Should I worry? thanks, Vadim Rapp Quote
Guest MowGreen [MVP] Posted November 4, 2008 Posted November 4, 2008 Compare and contrast: Trusted root certificates that are required by Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows XP, and by Windows 2000 http://support.microsoft.com/kb/293781 Even if the certs have expired some are still needed for 'backwards compatibility'. So no, you don't need to worry. MowGreen [MVP 2003-2009] =============== -343- FDNY Never Forgotten =============== Vadim Rapp wrote: <span style="color:blue"> > Hello, > > in the event log of several machines, I noticed entries about failed attempt > to download the lsit of trusted authorities from > http://www.download.windowsupdate.com/msdo...authrootstl.cab . > The problem was in proxy server - I opened the port and it was then > downloaded. But while I was trying it, I actually downloaded the cab, > unpacked it, and looked at the file - certificate trust list "authroot"; > when opened, it said that "this certificate trust list is not valid. The > certifiate that signed the list is not valid". Viewing the signature shows: > "The certificate is not valid for the requested usage". Should I worry? > > thanks, > Vadim Rapp > > </span> Quote
Guest Vadim Rapp Posted November 4, 2008 Posted November 4, 2008 But they did not expire - the error seems to be that the cert is "not good for requested usage". In which case it probably would be ignored alltogether. Depends though on the "requested usage" - I wonder what was it assumed to be when I just opened to view the certificate. Vadim "MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message news:u$V14WqPJHA.4680@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > Compare and contrast: Trusted root certificates that are required by > Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows > XP, and by Windows 2000 > http://support.microsoft.com/kb/293781 > > Even if the certs have expired some are still needed for 'backwards > compatibility'. So no, you don't need to worry. > > MowGreen [MVP 2003-2009] > =============== > -343- FDNY > Never Forgotten > =============== > > > Vadim Rapp wrote: ><span style="color:green"> >> Hello, >> >> in the event log of several machines, I noticed entries about failed >> attempt to download the lsit of trusted authorities from >> http://www.download.windowsupdate.com/msdo...authrootstl.cab . >> The problem was in proxy server - I opened the port and it was then >> downloaded. But while I was trying it, I actually downloaded the cab, >> unpacked it, and looked at the file - certificate trust list "authroot"; >> when opened, it said that "this certificate trust list is not valid. The >> certifiate that signed the list is not valid". Viewing the signature >> shows: "The certificate is not valid for the requested usage". Should I >> worry? >> >> thanks, >> Vadim Rapp </span></span> Quote
Guest MowGreen [MVP] Posted November 4, 2008 Posted November 4, 2008 I checked the .cab file and one of the certs has expired, Vadim. Perhaps that's where the invalid message is stemming from. Can recall going over the trusted certs before on another system but I can't remember the URL where they were downloaded from. The MS Download Center should be offering the same .cab of root certs: http://www.microsoft.com/downloads/details...&DisplayLang=en Ugh. It's an .exe. OK, just extracted it and the certs appear to all be valid. Suggest you do the same or just run the .exe from a network share. MowGreen [MVP 2003-2009] =============== -343- FDNY Never Forgotten =============== Vadim Rapp wrote: <span style="color:blue"> > But they did not expire - the error seems to be that the cert is "not good > for requested usage". In which case it probably would be ignored > alltogether. > > Depends though on the "requested usage" - I wonder what was it assumed to be > when I just opened to view the certificate. > > Vadim > > "MowGreen [MVP]" <mowgreen@nowandzen.com> wrote in message > news:u$V14WqPJHA.4680@TK2MSFTNGP06.phx.gbl... > <span style="color:green"> >>Compare and contrast: Trusted root certificates that are required by >>Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows >>XP, and by Windows 2000 >>http://support.microsoft.com/kb/293781 >> >>Even if the certs have expired some are still needed for 'backwards >>compatibility'. So no, you don't need to worry. >> >>MowGreen [MVP 2003-2009] >>=============== >> -343- FDNY >>Never Forgotten >>=============== >> >> >>Vadim Rapp wrote: >> >><span style="color:darkred"> >>>Hello, >>> >>>in the event log of several machines, I noticed entries about failed >>>attempt to download the lsit of trusted authorities from >>>http://www.download.windowsupdate.com/msdo...authrootstl.cab . >>>The problem was in proxy server - I opened the port and it was then >>>downloaded. But while I was trying it, I actually downloaded the cab, >>>unpacked it, and looked at the file - certificate trust list "authroot"; >>>when opened, it said that "this certificate trust list is not valid. The >>>certifiate that signed the list is not valid". Viewing the signature >>>shows: "The certificate is not valid for the requested usage". Should I >>>worry? >>> >>>thanks, >>>Vadim Rapp </span></span> > > > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.