
expired certs
Started by
Ectech
, May 17 2009 08:31 AM
#1
Posted 17 May 2009 - 08:31 AM

#2
Posted 17 May 2009 - 09:49 AM

Certificates are included to help you decide if you want the software that they're offering.
So if in 1997 you installed some software (and accepted the certificate) that's where it stays.
If you don't update it, it stays dated at 1997.
If you try to access that same software now, you should get an error that the certificate is expired. And Windows should attempt to help you get an updated certificate.
I'm not familiar with invalid certificates, but would expect that if they were accepted then they'd be installed on your system just as valid one's are.
So if in 1997 you installed some software (and accepted the certificate) that's where it stays.
If you don't update it, it stays dated at 1997.
If you try to access that same software now, you should get an error that the certificate is expired. And Windows should attempt to help you get an updated certificate.
I'm not familiar with invalid certificates, but would expect that if they were accepted then they'd be installed on your system just as valid one's are.
#3
Posted 17 May 2009 - 12:09 PM

these certificates that im refering to are installed by default in all windows including windows 7. so i guess my question is more along the lines of.. why does Microsoft have non-valid certificates in an OS that was developed 12 years later? surely, they must be aware that they exist. and why are they not updated in current editions of windows? it seems to be a huge security hole that could be used for many reasons. especially ones that state fraudulent.
Edited by Ectech, 17 May 2009 - 12:11 PM.
#4
Posted 17 May 2009 - 12:58 PM

Could you let us know the location of these certificates. I'm not familiar with them and it'll take a bit of research to see what they are.
#5
Posted 17 May 2009 - 01:12 PM

click start > run > type mmc > click ok
select file > add/remove snap in > in the left plane double click certificates > select computer account > click next > click finish > click ok > expand the trusted root certificate authorities > then double click and check every cert.
in windows 7 there only 1 cert listed as fraudulent but in XP & Vista there are 2.
i'd post a screenshot but i already removed them.
select file > add/remove snap in > in the left plane double click certificates > select computer account > click next > click finish > click ok > expand the trusted root certificate authorities > then double click and check every cert.
in windows 7 there only 1 cert listed as fraudulent but in XP & Vista there are 2.
i'd post a screenshot but i already removed them.

Edited by Ectech, 17 May 2009 - 01:13 PM.
#6
Posted 17 May 2009 - 01:43 PM


now that i take a closer look they are under the untrusted section, but still i know they exist in Vista and Win 7.
#7
Posted 17 May 2009 - 02:27 PM

It's an interesting subject - and the answer wasn't available on the limited searches that I did.
FYI - type "certmgr.msc" in the Start box (without the quotes) and it'll open this dialog also.
But, here's a link that explains some of the purpose behind it: http://www.proper.co...t-cert-problem/
Interestingly, it seems as if they're deletable, but will silently reinstall themselves if a website is visited that uses that certificate.
Verisign cert's: http://support.microsoft.com/kb/834438
Root certificate program members: http://msdn.microsof...y/ms995347.aspx
This post says they're required for backwards compatibility: http://forum.soft32....opict37105.html
and provides this link: http://support.micro...kb;en-us;293781
How to remove a certificate from the Trusted Root Store (Win2K, IE5 and older): http://support.micro...om/?kbid=293819
Turn off the update function (WinXP): http://support.microsoft.com/kb/283717
FYI - type "certmgr.msc" in the Start box (without the quotes) and it'll open this dialog also.
But, here's a link that explains some of the purpose behind it: http://www.proper.co...t-cert-problem/
Interestingly, it seems as if they're deletable, but will silently reinstall themselves if a website is visited that uses that certificate.
Verisign cert's: http://support.microsoft.com/kb/834438
Root certificate program members: http://msdn.microsof...y/ms995347.aspx
This post says they're required for backwards compatibility: http://forum.soft32....opict37105.html
and provides this link: http://support.micro...kb;en-us;293781
How to remove a certificate from the Trusted Root Store (Win2K, IE5 and older): http://support.micro...om/?kbid=293819
Turn off the update function (WinXP): http://support.microsoft.com/kb/283717
#8
Posted 17 May 2009 - 02:32 PM

interesting finds, thanks for the info. now its time to dig a bit deeper.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:






