Missing/expired certificates

[Doc.]

I'm looking for some information on precisely which update contains the
latest Trusted Root Certificates. I would've posted this in the Windows
Update group, but my news server does not carry it.

I've been having problems getting Windows Update to operate correctly
although the automatic update has, until this month, been downloading
critical updates just fine.

I've searched with Google, and it seems to be a recurring problem that
the NO LIABILITY ACCEPTED certificate from Verisign is expired.

I've checked this in MSIE (6.0.2800.1106.xpsp2.030422-1633) on my
machine, and the validity period for the certificate is 12-May-97 to 08-
Jan-04.

Other certificates which are expired and have no superceding cert are:

Verisign Commercial Software Publishers CA (exp 08-Jan-04)
Verisign Individual Software Publishers CA (exp 08-Jan-04)

I've tried several of the posted suggestions for fixing the various
update errors associated with this problem, but none have resulted in me
obtaining the current version of these certificates.

Can someone either point me to a URL where I can download the current
version of these certificates, or to the patch for MSIE which contains
them?

Please note, I work from home and I do not have access to another machine
with this certificate which is one of the frequently suggested solutions.


Doc.

 

[Wesley Vogel]

Doc;

Windows Update and Update Root Certificates are mutually
exlusive. If Update Root Certificates is turned on you will see
references to this ocasinally in the Event Viewer.

[[In Windows XP, you can use the Update Root Certificates function for this.
When you install Windows XP, Update Root Certificates is turned on by
default. With this feature turned on, if you are presented with a
certificate issued by an untrusted root authority, your computer will
contact the Windows Update Web site to see if Microsoft has added the CA to
its list of trusted authorities. If it has been added to the Microsoft list
of trusted authorities, its certificate will automatically be added to your
trusted certificate store.]]

To turn on automatic updating of trusted root authority certificates
[[In Control Panel, open Add or Remove Programs.
Click Add/Remove Windows Components.
Select the Update Root Certificates check box.
Click Next, and then click Finish.
Note
To open Add/Remove Windows Components, click Start, point to Settings, click
Control Panel, double-click Add or Remove Programs, and then click
Add/Remove Windows Components.]]
==============

Examples >>> Event Viewer.
=================
Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 7
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update retrieval of third-party root list sequence number
from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootseq.txt>

Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 2
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update retrieval of third-party root list cab from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootstl.cab>

Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 1
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update of third-party root certificate:: Subject: <OU="NO
LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service
Root, OU="VeriSign, Inc.", O=VeriSign Trust Network> Sha1 thumbprint:
<18F7C1FCC3090203FD5BAA2F861A754976C8DD25>
===

Event Category: None
Event ID: 8
Date: 2/2/2004
Time: 8:48:18 PM
User: N/A
Computer: MYPENTIUM450
Description:
Failed auto update retrieval of third-party root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootseq.txt>

 

[Doc.]

Windows Update and Update Root Certificates are mutually
exlusive. If Update Root Certificates is turned on you will see
references to this ocasinally in the Event Viewer.

Thanks for clearing that up, unfortunately it doesn't help.

I have the Update Root Certificates function running, and I see some
entries in the event viewer for it. They pretty much match with what you
posted.

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trus
tedr/ en/authrootstl.cab>

The list within this cab is the same as what I currently have. When you
open it, it informs you that the list is invalid due to a signature
problem.

From a newsgroup post: "The error can occur if the auto-update feature
is disabled and the root certificate auto-update feature in Add/Remove
Programs is not removed"

I've certainly not disabled the auto-update feature, and since I didn't
get an answer this morning I've queried a few people I know by email. So
far everyone I've asked also has the same expired certificates and no
current replacements.


Doc.

 

[Wesley Vogel]

Doc;

Take a look at:
Necessary and Trusted Root Certificates
at the following:

Trusted Root Certificates That Are Required By Windows 2000, Windows XP, and
Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;293781

NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
Expiration Date: 1/7/2004
and
VeriSign Commercial Software Publishers CA
Expiration Date: 1/7/2004
=========
This article was Last Reviewed: 4/2/2004
==========

 

[Doc.]

Doc;

Take a look at:
Necessary and Trusted Root Certificates
at the following:

Trusted Root Certificates That Are Required By Windows 2000, Windows
XP, and Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;293781

I have all of the listed expired certificates, however I do not, for
example, have a current NO LIABILITY certificate. This, out of all the
various errors I've had reported by Windows Update and checked in the
troubleshooter is the only one I can't resolve. The proposed solution
was to copy the thing from a machine which had a valid cert. Valid until
2007 IIRC.

Thanks for keeping trying to help.


Doc.

 

[Wesley Vogel]

Doc;

I'm getting out. I have the same Certificates as you.

Try posting @

microsoft.public.windowsxp.security_admin

Sorry I couldn't be more help.

 

[Jason]

Doc,

Check out https://www.verisign.com/support/site/caReplacement.html

Just use the CA for IIS. Save it as a .cer and you can import it
under Internet Options, Content, and make sure to save it under
Intermidiate Cert Authority.

Hope this helps.

bIGGINS

Doc;

Windows Update and Update Root Certificates are mutually
exlusive. If Update Root Certificates is turned on you will see
references to this ocasinally in the Event Viewer.

[[In Windows XP, you can use the Update Root Certificates function for this.
When you install Windows XP, Update Root Certificates is turned on by
default. With this feature turned on, if you are presented with a
certificate issued by an untrusted root authority, your computer will
contact the Windows Update Web site to see if Microsoft has added the CA to
its list of trusted authorities. If it has been added to the Microsoft list
of trusted authorities, its certificate will automatically be added to your
trusted certificate store.]]

To turn on automatic updating of trusted root authority certificates
[[In Control Panel, open Add or Remove Programs.
Click Add/Remove Windows Components.
Select the Update Root Certificates check box.
Click Next, and then click Finish.
Note
To open Add/Remove Windows Components, click Start, point to Settings, click
Control Panel, double-click Add or Remove Programs, and then click
Add/Remove Windows Components.]]
==============

Examples >>> Event Viewer.
=================
Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 7
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update retrieval of third-party root list sequence number
from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootseq.txt>

Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 2
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update retrieval of third-party root list cab from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootstl.cab>

Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 1
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update of third-party root certificate:: Subject: <OU="NO
LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service
Root, OU="VeriSign, Inc.", O=VeriSign Trust Network> Sha1 thumbprint:
<18F7C1FCC3090203FD5BAA2F861A754976C8DD25>
===

Event Category: None
Event ID: 8
Date: 2/2/2004
Time: 8:48:18 PM
User: N/A
Computer: MYPENTIUM450
Description:
Failed auto update retrieval of third-party root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootseq.txt>
---
From a newsgroup post: "The error can occur if the auto-update feature is
disabled and the root certificate auto-update feature in Add/Remove Programs
is not removed"

--
Hope this helps. Let us know.
Wes

In

I'm looking for some information on precisely which update contains
the latest Trusted Root Certificates. I would've posted this in the
Windows Update group, but my news server does not carry it.

I've been having problems getting Windows Update to operate correctly
although the automatic update has, until this month, been downloading
critical updates just fine.

I've searched with Google, and it seems to be a recurring problem that
the NO LIABILITY ACCEPTED certificate from Verisign is expired.

I've checked this in MSIE (6.0.2800.1106.xpsp2.030422-1633) on my
machine, and the validity period for the certificate is 12-May-97 to
08- Jan-04.

Other certificates which are expired and have no superceding cert are:

Verisign Commercial Software Publishers CA (exp 08-Jan-04)
Verisign Individual Software Publishers CA (exp 08-Jan-04)

I've tried several of the posted suggestions for fixing the various
update errors associated with this problem, but none have resulted in
me obtaining the current version of these certificates.

Can someone either point me to a URL where I can download the current
version of these certificates, or to the patch for MSIE which contains
them?

Please note, I work from home and I do not have access to another
machine with this certificate which is one of the frequently
suggested solutions.


Doc.

 

[Wesley Vogel]

What are you, a time traveller?

--
Hope this helps. Let us know.
Wes

In

Doc,

Check out https://www.verisign.com/support/site/caReplacement.html

Just use the CA for IIS. Save it as a .cer and you can import it
under Internet Options, Content, and make sure to save it under
Intermidiate Cert Authority.

Hope this helps.

bIGGINS

Doc;

Windows Update and Update Root Certificates are mutually
exlusive. If Update Root Certificates is turned on you will see
references to this ocasinally in the Event Viewer.

[[In Windows XP, you can use the Update Root Certificates function
for this. When you install Windows XP, Update Root Certificates is
turned on by default. With this feature turned on, if you are
presented with a certificate issued by an untrusted root authority,
your computer will contact the Windows Update Web site to see if
Microsoft has added the CA to its list of trusted authorities. If it
has been added to the Microsoft list of trusted authorities, its
certificate will automatically be added to your trusted certificate
store.]]

To turn on automatic updating of trusted root authority certificates
[[In Control Panel, open Add or Remove Programs.
Click Add/Remove Windows Components.
Select the Update Root Certificates check box.
Click Next, and then click Finish.
Note
To open Add/Remove Windows Components, click Start, point to
Settings, click Control Panel, double-click Add or Remove Programs,
and then click Add/Remove Windows Components.]]
==============

Examples >>> Event Viewer.
=================
Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 7
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update retrieval of third-party root list sequence
number from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootseq.txt>

Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 2
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update retrieval of third-party root list cab from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootstl.cab>

Event Type: Information
Event Source: crypt32
Event Category: None
Event ID: 1
Date: 1/30/2004
Time: 4:31:55 PM
User: N/A
Computer: MYPENTIUM450
Description:
Successful auto update of third-party root certificate:: Subject:
<OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time
Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust
Network> Sha1 thumbprint: <18F7C1FCC3090203FD5BAA2F861A754976C8DD25>
===

Event Category: None
Event ID: 8
Date: 2/2/2004
Time: 8:48:18 PM
User: N/A
Computer: MYPENTIUM450
Description:
Failed auto update retrieval of third-party root list sequence
number from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/
en/authrootseq.txt> ---
From a newsgroup post: "The error can occur if the auto-update
feature is disabled and the root certificate auto-update feature in
Add/Remove Programs is not removed"

--
Hope this helps. Let us know.
Wes

In

I'm looking for some information on precisely which update contains
the latest Trusted Root Certificates. I would've posted this in the
Windows Update group, but my news server does not carry it.

I've been having problems getting Windows Update to operate
correctly although the automatic update has, until this month, been
downloading critical updates just fine.

I've searched with Google, and it seems to be a recurring problem
that the NO LIABILITY ACCEPTED certificate from Verisign is expired.

I've checked this in MSIE (6.0.2800.1106.xpsp2.030422-1633) on my
machine, and the validity period for the certificate is 12-May-97 to
08- Jan-04.

Other certificates which are expired and have no superceding cert
are:

Verisign Commercial Software Publishers CA (exp 08-Jan-04)
Verisign Individual Software Publishers CA (exp 08-Jan-04)

I've tried several of the posted suggestions for fixing the various
update errors associated with this problem, but none have resulted
in me obtaining the current version of these certificates.

Can someone either point me to a URL where I can download the
current version of these certificates, or to the patch for MSIE
which contains them?

Please note, I work from home and I do not have access to another
machine with this certificate which is one of the frequently
suggested solutions.


Doc.