List of trusted authorities - invalid?

  • Thread starter Thread starter Vadim Rapp
  • Start date Start date
V

Vadim Rapp

Hello,

in the event log of several machines, I noticed entries about failed attempt
to download the lsit of trusted authorities from
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab .
The problem was in proxy server - I opened the port and it was then
downloaded. But while I was trying it, I actually downloaded the cab,
unpacked it, and looked at the file - certificate trust list "authroot";
when opened, it said that "this certificate trust list is not valid. The
certifiate that signed the list is not valid". Viewing the signature shows:
"The certificate is not valid for the requested usage". Should I worry?

thanks,
Vadim Rapp
 
Compare and contrast: Trusted root certificates that are required by
Windows Server 2008, by Windows Vista, by Windows Server 2003, by
Windows XP, and by Windows 2000
http://support.microsoft.com/kb/293781

Even if the certs have expired some are still needed for 'backwards
compatibility'. So no, you don't need to worry.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
 
But they did not expire - the error seems to be that the cert is "not good
for requested usage". In which case it probably would be ignored
alltogether.

Depends though on the "requested usage" - I wonder what was it assumed to be
when I just opened to view the certificate.

Vadim

MowGreen said:
Compare and contrast: Trusted root certificates that are required by
Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows
XP, and by Windows 2000
http://support.microsoft.com/kb/293781

Even if the certs have expired some are still needed for 'backwards
compatibility'. So no, you don't need to worry.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============


Vadim said:
Hello,

in the event log of several machines, I noticed entries about failed
attempt to download the lsit of trusted authorities from
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab .
The problem was in proxy server - I opened the port and it was then
downloaded. But while I was trying it, I actually downloaded the cab,
unpacked it, and looked at the file - certificate trust list "authroot";
when opened, it said that "this certificate trust list is not valid. The
certifiate that signed the list is not valid". Viewing the signature
shows: "The certificate is not valid for the requested usage". Should I
worry?

thanks,
Vadim Rapp
 
I checked the .cab file and one of the certs has expired, Vadim. Perhaps
that's where the invalid message is stemming from.
Can recall going over the trusted certs before on another system but I
can't remember the URL where they were downloaded from.
The MS Download Center should be offering the same .cab of root certs:
http://www.microsoft.com/downloads/...0e-ee7e-435e-99f8-20b44d4531b0&DisplayLang=en

Ugh. It's an .exe. OK, just extracted it and the certs *appear* to all
be valid. Suggest you do the same or just run the .exe from a network share.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============


Vadim said:
But they did not expire - the error seems to be that the cert is "not good
for requested usage". In which case it probably would be ignored
alltogether.

Depends though on the "requested usage" - I wonder what was it assumed to be
when I just opened to view the certificate.

Vadim

Compare and contrast: Trusted root certificates that are required by
Windows Server 2008, by Windows Vista, by Windows Server 2003, by Windows
XP, and by Windows 2000
http://support.microsoft.com/kb/293781

Even if the certs have expired some are still needed for 'backwards
compatibility'. So no, you don't need to worry.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============


Vadim Rapp wrote:

Hello,

in the event log of several machines, I noticed entries about failed
attempt to download the lsit of trusted authorities from
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab .
The problem was in proxy server - I opened the port and it was then
downloaded. But while I was trying it, I actually downloaded the cab,
unpacked it, and looked at the file - certificate trust list "authroot";
when opened, it said that "this certificate trust list is not valid. The
certifiate that signed the list is not valid". Viewing the signature
shows: "The certificate is not valid for the requested usage". Should I
worry?

thanks,
Vadim Rapp
 
Back
Top