List of trusted authorities - invalid?

V

Vadim Rapp

Hello,

in the event log of several machines, I noticed entries about failed attempt
to download the lsit of trusted authorities from
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab .
The problem was in proxy server - I opened the port and it was then
downloaded. But while I was trying it, I actually downloaded the cab,
unpacked it, and looked at the file - certificate trust list "authroot";
when opened, it said that "this certificate trust list is not valid. The
certifiate that signed the list is not valid". Viewing the signature shows:
"The certificate is not valid for the requested usage". Should I worry?

thanks,
Vadim Rapp
 
M

MowGreen [MVP]

Compare and contrast: Trusted root certificates that are required by
Windows Server 2008, by Windows Vista, by Windows Server 2003, by
Windows XP, and by Windows 2000
http://support.microsoft.com/kb/293781

Even if the certs have expired some are still needed for 'backwards
compatibility'. So no, you don't need to worry.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
 
V

Vadim Rapp

But they did not expire - the error seems to be that the cert is "not good
for requested usage". In which case it probably would be ignored
alltogether.

Depends though on the "requested usage" - I wonder what was it assumed to be
when I just opened to view the certificate.

Vadim

MowGreen said:
Compare and contrast: Trusted root certificates that are required by
Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows
XP, and by Windows 2000
http://support.microsoft.com/kb/293781

Even if the certs have expired some are still needed for 'backwards
compatibility'. So no, you don't need to worry.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============


Vadim said:
Hello,

in the event log of several machines, I noticed entries about failed
attempt to download the lsit of trusted authorities from
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab .
The problem was in proxy server - I opened the port and it was then
downloaded. But while I was trying it, I actually downloaded the cab,
unpacked it, and looked at the file - certificate trust list "authroot";
when opened, it said that "this certificate trust list is not valid. The
certifiate that signed the list is not valid". Viewing the signature
shows: "The certificate is not valid for the requested usage". Should I
worry?

thanks,
Vadim Rapp
 
M

MowGreen [MVP]

I checked the .cab file and one of the certs has expired, Vadim. Perhaps
that's where the invalid message is stemming from.
Can recall going over the trusted certs before on another system but I
can't remember the URL where they were downloaded from.
The MS Download Center should be offering the same .cab of root certs:
http://www.microsoft.com/downloads/...0e-ee7e-435e-99f8-20b44d4531b0&DisplayLang=en

Ugh. It's an .exe. OK, just extracted it and the certs *appear* to all
be valid. Suggest you do the same or just run the .exe from a network share.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============


Vadim said:
But they did not expire - the error seems to be that the cert is "not good
for requested usage". In which case it probably would be ignored
alltogether.

Depends though on the "requested usage" - I wonder what was it assumed to be
when I just opened to view the certificate.

Vadim

Compare and contrast: Trusted root certificates that are required by
Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows
XP, and by Windows 2000
http://support.microsoft.com/kb/293781

Even if the certs have expired some are still needed for 'backwards
compatibility'. So no, you don't need to worry.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============


Vadim Rapp wrote:

Hello,

in the event log of several machines, I noticed entries about failed
attempt to download the lsit of trusted authorities from
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab .
The problem was in proxy server - I opened the port and it was then
downloaded. But while I was trying it, I actually downloaded the cab,
unpacked it, and looked at the file - certificate trust list "authroot";
when opened, it said that "this certificate trust list is not valid. The
certifiate that signed the list is not valid". Viewing the signature
shows: "The certificate is not valid for the requested usage". Should I
worry?

thanks,
Vadim Rapp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top