Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

expired certs


  • Please log in to reply

#1
Ectech

Ectech

    Member

  • Member
  • PipPipPip
  • 204 posts
recently i've been sorting through some common settings in an attempt to secure my computer as much as possible. in my search i came across several expired digital certificates that date back to 1997 that were issued by Microsoft, Verisign, etc. there's even one that states FRAUDULENT. so, i decided to look further and discovered that the certs have been in every version from XP up to windows 7. can anybody explain why they are included in windows if they are no longer valid. from what i know, invalid cert's are a security flaw, or are they used for some older app's?
  • 0

Advertisements


#2
usasma

usasma

    Member

  • Member
  • PipPipPip
  • 636 posts
  • MVP
Certificates are included to help you decide if you want the software that they're offering.

So if in 1997 you installed some software (and accepted the certificate) that's where it stays.
If you don't update it, it stays dated at 1997.

If you try to access that same software now, you should get an error that the certificate is expired. And Windows should attempt to help you get an updated certificate.

I'm not familiar with invalid certificates, but would expect that if they were accepted then they'd be installed on your system just as valid one's are.
  • 0

#3
Ectech

Ectech

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 204 posts
these certificates that im refering to are installed by default in all windows including windows 7. so i guess my question is more along the lines of.. why does Microsoft have non-valid certificates in an OS that was developed 12 years later? surely, they must be aware that they exist. and why are they not updated in current editions of windows? it seems to be a huge security hole that could be used for many reasons. especially ones that state fraudulent.

Edited by Ectech, 17 May 2009 - 12:11 PM.

  • 0

#4
usasma

usasma

    Member

  • Member
  • PipPipPip
  • 636 posts
  • MVP
Could you let us know the location of these certificates. I'm not familiar with them and it'll take a bit of research to see what they are.
  • 0

#5
Ectech

Ectech

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 204 posts
click start > run > type mmc > click ok

select file > add/remove snap in > in the left plane double click certificates > select computer account > click next > click finish > click ok > expand the trusted root certificate authorities > then double click and check every cert.

in windows 7 there only 1 cert listed as fraudulent but in XP & Vista there are 2.

i'd post a screenshot but i already removed them. :)

Edited by Ectech, 17 May 2009 - 01:13 PM.

  • 0

#6
Ectech

Ectech

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 204 posts
Posted Image

now that i take a closer look they are under the untrusted section, but still i know they exist in Vista and Win 7.
  • 0

#7
usasma

usasma

    Member

  • Member
  • PipPipPip
  • 636 posts
  • MVP
It's an interesting subject - and the answer wasn't available on the limited searches that I did.
FYI - type "certmgr.msc" in the Start box (without the quotes) and it'll open this dialog also.

But, here's a link that explains some of the purpose behind it: http://www.proper.co...t-cert-problem/
Interestingly, it seems as if they're deletable, but will silently reinstall themselves if a website is visited that uses that certificate.

Verisign cert's: http://support.microsoft.com/kb/834438
Root certificate program members: http://msdn.microsof...y/ms995347.aspx

This post says they're required for backwards compatibility: http://forum.soft32....opict37105.html
and provides this link: http://support.micro...kb;en-us;293781

How to remove a certificate from the Trusted Root Store (Win2K, IE5 and older): http://support.micro...om/?kbid=293819
Turn off the update function (WinXP): http://support.microsoft.com/kb/283717
  • 0

#8
Ectech

Ectech

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 204 posts
interesting finds, thanks for the info. now its time to dig a bit deeper.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP