Over 1 million tech questions and answers.

Update for Root Certificates

Q: Update for Root Certificates

Hi,
Actually, due to proxy problems, we have prohibited Windows clients from automatically updating their Trusted Root Certificates Authorities. We manage this by deploying the "Update for Root Certificates [November 2009] (KB931125)" update using WSUS.
Most of our workstations are Windows XP, and now we are working on deploying Windows 7. How can we handle the problem described above? I mean, the Update for Root Certificates is designed for Windows XP. I see that Windows 7 workstations won't receive it from WSUS. We tried to manually install the update on some machines and it worked, but it will be a hard task to update all machines manually :o)
Tks in advance,Eduardo

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Update for Root Certificates

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 81.6

Microsoft Article ID: 931125The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products...http://support.microsoft.com/kb/931125You can get this update by running Windows Update.

Read other answers
RELEVANCY SCORE 81.6

I want to integrate current certificates (root, disallowed) into Windows 7 installation ISO.
How to do it (DISM?) and what cert files do I need:
404 - File or directory not found.
http://ctldl.windowsupdate.com/msdow...uthrootstl.cab
http://ctldl.windowsupdate.com/msdow...wedcertstl.cab
?

Read other answers
RELEVANCY SCORE 81.6

I am running win2k SP4.
I tried to install update for root certificates
Root Certificates Update
Download size: 189 KB, < 1 minute
This item updates the list root certificates on your computer to the latest list that is accepted by Microsoft as part of the Microsoft Root Certificate Program. Adding additional root certificates to your computer enables a greater range of security-enhanced Web browsing, secure e-mail, and secure code delivery applications to work seamlessly. This update includes root certificates from Verisign, Thawte, and Post.Trust in Ireland. Read more...
Click to expand...

It wouldn't install, and I've reviewed and tried to install 4 times now. I can't see link to read more as I just get 'page cannot be displayed. Can someone suggest something?
Thanks in advance for any help.
 

A:Windows update for root certificates

^^^BUMP^^^

Anyone?
 

Read other 1 answers
RELEVANCY SCORE 78.8

OS: xp pro, sp2
2nd party OEM install-- I do not have installation disk nor CD-ROM i386 image
computer: dell optiplex, bought used

Original problem began when I was trying to fix an incomplete TrendMicro subscription install. Their tech support had me uninstall/reinstall using several methods. None resulted in a complete install. I resorted to self-help and read on their Q&A about some drivers failing to install due to a corrupted digital signature database. The recommended fix was to update Root Certificates in the Control Panel add/remove Windows Components.
During the update process, a window message popped up: "setup was unable to build the list of files to copy for MSN Explorer. The specific error code is 0xe0000102. Setup will continue but component may not function properly."
The message was right-- MSN Explorer doesn't function at all. Worse, thinking I could maybe fix MSN Explorer by uninstalling/reinstalling, I discovered the Control Panel add/remove Programs is broken, too; some additional MS programs are shown sans accompanying install dates/sizes. A safe mode system restore did not fix either problem, but did generate a duplicate of the faulty MSN folder. Good news is that IE7 seems to be ok, so I've done a lot of reading.
I have found multiple i386 folders on C:\ --one in Windows\Driver Cache, three in Windows\system32\Reinstallbackups\xxxx\driver files, two in ProgramFiles\Java\ and one in Windows\ServicePack in which I see setup.exe ... Read more

Read other answers
RELEVANCY SCORE 78

For the past two weeks I have been having problems with MS Update Site. I would attempt to scan for updates and only get 0-100% quick scan not giving me anything to update.

To make things worse, I started to get a bunch of root certificates pop up like mad every time I wanted to access a site, strangely I would get it from Hotmail, WAMU, Citibank.... You would think these would be the least....

Lastly, I noticed every time I would attempt to cookie my sign in say for example "techguy.org" or any other tech support site.. I wouldn't work. That really started to annoy me. Today while surfing the virtualdr boards, I found a thread relating to this problem. To my surprise the solution was very easy...

The problem was all in the date and year of my PC. I had Nov 29, 2019! The thread continued on how having an invalid date would mess with your cookies. So I corrected, restarted, checked BIOS, fired up XP and BAM! Everything was fixed.... Updated via MS updater, no more root pop ups and cookied like a good cookie should do
CHEERS

~R~
 

Read other answers
RELEVANCY SCORE 66.4

yesterday i posted a question,and i didnt recieve any feedback. i dont know if i didnt explain it good enough or what,but anyway,all i wanted too know was how too update my root certificates in windows 98se.
 

A:root certificates

Have you gone to the Microsoft Windows Update site? You can also go here and install a new root certificate, and also read all about it. https://www.verisign.com/support/site/update.html
 

Read other 1 answers
RELEVANCY SCORE 65.6

I run Win XP/Home SP 2 and I use OE 6 and Firefox 1.5. I also have installed AVG Free 7.1.375; Spybot v. 1.3; Ad-Aware SE v. 1.06r1

I recently decided to carefully examine the Internet Options I have enabled. I selected “Trusted Root Certification Authorities”:

Control Panel/Internet Options/Content/Publishers/Trusted Root Certification Authorities

and was considerably surprised. There were a large number of entries, most of which I could not identify (a smaller list with identical names appears under the “Intermediate Trusted Authorities” tab). Many were not even in English. I went through the list, clicking on each one to identify the “Certificate intended purposes.” Here is the list of purposes displayed (which I did not find helpful on identifying the source):

Secure Email, Server Authentication

Secure Email, Client Authentication, Code Signing

Secure Email, Client Authentication, Code Signing, Server Authentication

Time Stamping

Server Authentication, Client Authentication, Code Signing, Secure Email, Time Stamping

Server Authentication

Aside from a few certificates from Microsoft, most were not identifiable, not even those with the “Client Authentication” purpose. Not even clicking on the “View” button helped me identify them. I assume that some, if not all, of these certificates were stored when I connected to a site that is protected in some way and the dialog box that includes “accept for this session only” was displayed—which occurs frequently... Read more

Read other answers
RELEVANCY SCORE 65.2

Hello,

I work for a company that use a disconnected network.
We have recently, I know a  bit late, implemented the new recommended way of pushing down root certificates to the network.
However, before this new recommended way of providing machines with root certificates was introduced, as you are aware, Microsoft included them in KB's such as KB931125.
This KB installed the Root Certificates to the local store on the machine. Which was fine at the time as when a new KB for root certificates was released, it would removed expired certificates and introduced new ones if needed.
Now the issue we are experiencing is, now that we are using the new way of pushing down Root Certificates (via Group Policy), we want to be able to remove the locally stored certificates to keep the certmgr.msc clean and uncluttered.
With the locally stored root certificates &  GPO applied, we see around 748 certificates. This is because there are duplicates & old certificates on the local store.
Without the locally stored root certificates & GPO applied, we see around 360 certificates.

Is there a way of doing this via a script that we can advertise to machines?

Many thanks. 

Read other answers
RELEVANCY SCORE 65.2

I have been offered an optional update for root certificates for Windows Vista. Should I install it.

A:Root certificates for Windows Vista

Yes - In my opinion it should be uprated to a critical update!

Read other 3 answers
RELEVANCY SCORE 64.4

After deleting expired root certificates, I cannot open any of my word documents! All I get an un-numbered error saying that the "file is not available".

Also, if I create a new document and save it, I will not be able to access it afterwards. All I get is the above message.

Can anyone help me?
 

A:Problems after deleting expired root certificates

Read other 11 answers
RELEVANCY SCORE 64.4

SOmetime i face issues with the root certificates on a newly deployed machine.
Once the fully patches image is deployed and joined the domain -- gets all policies etc 
somehow when i browse internet https://google.com or lets say https://bing.com i get certificate errors in IE
We use Windows 7 X64 Ent -- Fully patched
What i realized on the system where i faced this issue is it is missing the 
Equifax Secure Cert Auth / Geo Trust / DigiCert Baltimore Root  
From trusted Root Certificate store

I am not sure why this should happen on a fully patched system and why only on some all the machines are deployed form the same image.
Any advice on how i can get the trusted Root certs -- i do not want to manulaly import each cert 1 by one.

Read other answers
RELEVANCY SCORE 63.6

We have client machines on IE11 that cannot connect to common websites using https (Facebook, Reddit etc.) because they do not have the Trusted Root Certs installed.
Until 2014 Microsoft released updates to Trusted Root Certificates via KB patches.
Since then they have advised customers to rely upon the process of Windows Update connecting to Microsoft servers to process the CTL (Certificate Trust Lists).
Question 1: Are clients sitting behind a proxy server able to download and process these lists? Our client machines clearly show that they are not able to resolve the update servers, so I assume not.
According to this article from 2014 - https://technet.microsoft.com/en-gb/library/dn265983.aspx

"The list of trusted root certificates is available as a self-extracting IEXPRESS package in the Microsoft Download Center, the Windows catalog, or by using Windows Server Update Services (WSUS). IEXPRESS packages are released at the same time as the trusted
CTL."
Question 2: Where can I find that/any of those packages?? They are not easy to find, evidently I am searching for the wrong thing via Google/Bing/Windows Update Catalog
If the latter does not/no longer exists, how do we obtain new/replacement Trusted Root Certs, and how should we distribute them around our estate?

Read other answers
RELEVANCY SCORE 63.6

Hello,

I am dealing with big problem on multiple workstations in our company. Many Windows 7 computers and one Windows XP computer have all Root CA certificates not trusted so I cannot import new certificate generate by Certification Authority in our Country.

I noticed this problem recently and after two days on google I couldn't find solution to this.

If I open mmc and select Certificates - > Computer -> Trusted Root Certification Authorities I see all certs on computer but after I check any they show this in General info about Cert:

This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

Or:

This root certificate appears to be trusted by the remote computer. To ensure this root certificate is valid on the remote computer, verify this root certificate on that computer.

This goes for all certs (Microsoft, Thawte, Go Daddy, GeoTrust...) and even for our certificates generated by our internal CA.

We push only Critical and Security Updates from our wsus server. Affected computers have installed all updates.

We have firewall and don't allow full access to internet but I tried to give one computer with this issue full access to internet and reboot couple times but that didn't help.

Screenshots: http://imgur.com/a/HCGWo

Read other answers
RELEVANCY SCORE 62.8

Hi.

We have many trusted root and intermediate certificates in the cert's store by default. Where to check these lists? To exclude "not default", "maybe potentially mаlware" root certs.

A:Trusted Root&Intermediate system certificates. Where check the list?

You can find certs as shown in the guide here: https://www.sslshopper.com/move-or-c...ws-server.html

Read other 9 answers
RELEVANCY SCORE 62.4

http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe 
to the point this link is dead, where can i alternative download this 

Read other answers
RELEVANCY SCORE 52.8

I am running Windows 7 64 bit and have a problem I can't correct. I have certain business websites that I am utilizing that shows a warning that the certificates is outdated. How can I update the certification or check to see if the company has in fact updated their sites certification.

A:Certificates outdated. How do I update?

Make sure your computer date is correct.

Read other 1 answers
RELEVANCY SCORE 52

Hiya

The previous VeriSign 128-bit International (Global) Server Intermediate certification authority certificate expired on January 7, 2004. This may cause problems for clients that try to establish server-authenticated secure socket layer (SSL) connections with Web servers and other SSL/Transport Layer Security (TLS)-enabled applications that do not have up-to-date certificates.

To prevent these problems, Microsoft Internet Information Services (IIS) operators should contact VeriSign to update the intermediate certification authority certificates for servers that use 128-bit SSL to connect to Web sites with the Secure Hypertext Transfer Protocol.
Affected software

Microsoft Internet Information Server
Microsoft Internet Security and Acceleration Server
Microsoft Exchange
Microsoft SQL Server
http://support.microsoft.com/default.aspx?scid=KB;EN-US;834438

Regards

eddie
 

Read other answers
RELEVANCY SCORE 52

If you don't have automatic updating enabled, you should visit Windows Updates to get this patch; http://technet.microsoft.com/en-us/security/advisory/2641690

Note that these are NOT certificates obtained by hacking into CA servers, but they are weakly encrypted and so could be used fraudulently.
 

Read other answers
RELEVANCY SCORE 51.6

HI
Since performing the Anniversary Update 3 days ago, I have been unable to access my digital certificates used for identification and signing emails.

When I try to access a site that I need the certificate for, I now get the message that no certificate has been received and in Windows Live Mail, the Signature icon is greyed out and I can't sign the emails. Everything worked fine on Thursday, a few hours before the update and the same certificates work correctly on my wife's Windows 7 machine.

The certificates all appear correct in the Certificate Store.

Anyone have any ideas, please?

Thanks

Dave

Edit. I have just spent an hour checking the certificates and their locations. These are all correct, so I assume that the system is looking for them inthe wrong place. Any suggestions. Microsoft insist it is 3 different web sites and Windows Live mail that have the problem not Windows 10, although they had no answer for why everything still works as it should under Windows 7

Read other answers
RELEVANCY SCORE 50.8

This started happening yesterday that I noticed. Youtube gives me a privacy error and the certificate says issued by vps.urfashionstore.com (never even heard if the site before) Google will not load and under certificates it's listed as untrusted and fraudulent. 
 
And just within the last 10 minutes a new "Update your flash player" warning pops up which I have seen before about a year ago and it seemed to make its way through every device connected to our router including smart phones.
 
I REALLY don't  want to have to reformat every computer in the house again, any help would be greatly appreciated. 
 
Edited to add: These errors happen with Chrome, Firefox, and IE. I've also run Malwarebytes, adwcleaner, and full system scans with bitdefender on all three computers several times in the last two days.

A:SSL certificates wrong. Update your flash player warning.

Hello Daienara and welcome to BleepingComputer!    
 
My name is Sirawit and I'm here to help you.
 
Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.
 
If I don't reply after 2 days, feel free to PM me.     
==========================================================================Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy t... Read more

Read other 35 answers
RELEVANCY SCORE 50

Hi,

I have tried to find this already but cant find much. If I have missed it please link me through.

Our situation:

Internal Domain: company.com.au
Old Mail Domain: companyemail.com.au
New Mail Domain: newcompanyemail.com.au

Our company went through a reband. We are at the moment keeping the same internal domain. We have updated the mail domain to use the newcompany.com.au domain. ActiveSync, OWA and alike however are still refering to email.companyemail.com.au

What are the steps that I need to work through to change this over to email.newcompanyemail.com.au? If it wasnt for ActiveSync I assume this is an easy change. Activesync worries me as if I change the certificate that Exchange uses for IIS will all current
clients that access it via the server URL of newcompanyemail.com.au break due to a certificate mismatch?

We are keeping all old companyemail.com.au DNS entries both public and internal.

Cheers,




Zac Avramides

Read other answers
RELEVANCY SCORE 46

Hi there.
I have a laptop running XP Home. IE7 would not install ... and along with it, somethig called Root Certificate Update.
I did some Googling, and the places I found wanted me to find GPEDIT and GPMS.msc (spelling on that one could be wrong) but the computer said these did not exist.

I even successfully installed SP3. All other areas seem to be working fine. It just wil not install that root thing an IE7.

Please adivse.

Thank you.
Don in Tucson
AizA
 

A:IE6 and root certificate update

Have you tried installing the root certificate update separately from IE7? If you run a manual Windows Update and use the "Custom" update option, you can uncheck IE7 and leave the root certificate update selected. Then, install that update and see what happens.

Peace...
 

Read other 2 answers
RELEVANCY SCORE 46

WinXP just notified me of a "Root Certificate Update"
What exactly is this and is it something I should go ahead and install?
 

A:Root Certificate Update

Yes, it's the updated security certificates for some sites and services.
 

Read other 3 answers
RELEVANCY SCORE 45.2

Yoga Laptop (ThinkPad) - Machine Type 20C0, Model S15F00 My USB ports and touch screeen are not working and there is a yellow exlamation on the USB Root Hub emblem under device manager. I attempted updating driver but says it's unable to find device update information. USB ports still provide power but do not communicate. Screen will work with stylus/pen but will not respond to touch. I am interning in Switzerland and unfortunately do not have access to warranty providers here, so any help would be greatly appreciated. -Steve

Read other answers
RELEVANCY SCORE 45.2

Good day,

I work for a company that uses an ethernet connection and a netgear switch to connect a bunch of trucks together, and then software on the main computer to control all the different trucks and display the data off the trucks, rates, pressures, engine diagnostics etc.

Lately I have had an issue with the software on the main computer locking up. When I checked the event viewer the last couple of times I had a crypt32 error right around the time the software froze. Now I understand why this is happening, because windows is trying to update the root certificates, and I'm not connected to the internet.

The questions I have are:

Do you think it's possible that windows trying to update the root certificates could interfere with the connection between the main computer and the pumps, even for just a split second, to interrupt the software?

And also how would I go about trying to recreate the windows certificate update to see if I can make this issue happen again? Is there a program that runs to update the certificates? I've tried searching the internet and can't find a name or anything. This is the most important part of these questions. Recreating this issue and seeing if it shows up in the event viewer is of the utmost importance to me.

Any help would be greatly appreciated,

Thanks.

Read other answers
RELEVANCY SCORE 45.2

Is there an update to automatically extract and install the root CA for a client certificate(private) in Windows 7? Please reply to this thread immediately if anyone comes up with the solution..

Thank u in advance.

A:Update to automatically extract and install root CA

I believe that is a server function only not Windows 7. Anyone??

Read other 1 answers
RELEVANCY SCORE 44.8

Hi,
 
I keep getting fake update popups trying to get me to install updates for Firefox, Adobe flash etc.  I tried uninstalling firefox and reinstalling it again but the problem keeps occuring.  I see nothing suspicious under add/remove programs as well.  Please help.
 
Alicia.
 
---
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.60.2
Run by aliciaswr at 15:52:20 on 2014-11-09
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.4078.1587 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Sy... Read more

A:Infected with fake update popups and can't find the root of it.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555348 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 43.6

I have discovered a huge number of similar files in the root directory of my C drive.  They all have names that start with "UDMFT" and end in 6 digits. The first one is 2,836,257 KB; and all the others are 1KB.  There is no extension on any of them.  I have looked at a couple of the smaller ones with Notepad, but they are unintelligible.  They were all created on 1/18/2015.
 
The second thing I wanted to ask about is all the TEMP***ROOT folders in the root directory.  The asterisks represent what mostly looks like filename extensions.  Almost all of them were created in March of 2014. I think this was when we were cleaning malware from this laptop.  I tried to find the topic, but couldn't.  I hesitate to say who I think was helping me, because I'm not 100% sure.
 
Can I safely delete these Temp folders?
 

A:Strange files in Root Directory amd multiple Temp***root folders

Don't delete things manually you might break something. To help clean up a lot of this stuff you right click your C drive. Go to properties under general tab 'disk cleanup' and then click 'clean up system files' button. Select what you want to delete. Careful though there are memory dumps, restore points and downloaded microsoft updates in there as well that you may want to keep. They can grow very large in size. However, they are all safe to delete through disk clean up. As an example on a Windows 7 updated to windows 10 you can delete the Windows 7 backup in there as well. Doing so you can't choose to go back to Windows 7. I made a clone of Windows 7 prior and after Windows 10 so for me I deleted it all & regained 20-30G's of disk space.

Read other 1 answers
RELEVANCY SCORE 43.6

We are experiencing this problem with a few workstations and laptops and what we are currently doing is exporting the CA certificate from a workstation that has it in its store and importing it. The problem with this is that the certificate will eventually
expire and we will have to re import a new one again. I don't believe it is a group policy issue because other computers in the same OU are not missing the certificate.

Cany anyone shed light on how to troubleshoot this or how to force (if possible) the workstation to download the CA certificate?

Thank you in advance.
Jose

Read other answers
RELEVANCY SCORE 43.6

Hello,
I've a very nasty issue with root CA certificate that's disappearing from the trusted root authorities store. I'll shortly describe the environment: 
- Two tier PKI infrastructure with a offline, standalone root CA and a domain joined Enterprise issuing CA (both W2012R2); root CA certificate is published in AD
- There's a parent and child domain. Issuing CA lives in parent domain (2012R2 domain&forest level)
- Employees are working on a 2012R2 RDS&Citrix XenApp 76 server in the child domain
- In the parent domain several servers are using a SSL certificate signed by the company owned issuing CA; it's a SAN certificate
- The root CA's certificate is in the Trusted Root Certification Authorities store of all member servers in parent & child domain (so, that's also valid for the 2012R2 RDS servers)
The issue is that the certificate of the root CA that's in the trusted CA store of all RDS servers is being deleted on a regular base (at least once a day on each RDS-server). I enabled CAPI2 logging, but I couldn't find anything that makes sense. However
I'm able to reproduce this issue in very simple way: if I start IE11 on a RDS-server and browse to the IP-adres or NETBIOS-name of a webserver that host a site that's using a certificate from our PKI (so, it's clear that the URL isn't matching the names entered
in the SAN certificate) and I click on 'Continue to this website (not recommended)', the root CA's certificate is being removed from trusted... Read more

Read other answers
RELEVANCY SCORE 43.2

Hello,

I need to get some help to try to fix my computer (obvious, since I am here).

Last week a pop-up window for google update failure started to appear. Then the antivirus live 2010 pop-ups started to happen at start up and continually as the computer was operating, complete with the background change (as seen in several other threads on this site). Taskmanager was disabled by the "administrator" so I could not close the pop-ups that way.

Disconnected my computer from the internet immediately and went out to get Norton to try to fix the problem. I installed Norton Internet security 2010 but it would not run unless I was in Safe Mode. Updated definitions by downloading the file at work and taking it home on a USB key. (Do I need to worry about the USB key becoming infected from using it on the affected computer?)

After running Norton Several times and resolving several issues I tried to start back in normal mode but still had the antivirus live 2010 problem. I found that my internet browser would not work when running in standard but would work fine in Safe Mode with Networking. Disconnected the computer again after finding that the internet would work in Safe Mode with Networking. The computer is run to the internet through a Belkin router.

I found the Tech Support Forum website while looking for solutions to my malware problem at work. I downloaded the diagnostic software as described in the New Instructions posting. When I got home I ... Read more

A:antivirus live 2010, google update failure pop-up, corrupted root file

Hi Eng2000, welcome to the forum.

To make cleaning this machine easierPlease do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.


Quote:




(Do I need to worry about the USB key becoming infected from using it on the affected computer?)




That will depend on the type of infection(s) on the computer. We can look at that when we have seen some logs.

We'll see if we can replace that file from the Recovery Console

Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

1. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
3. You should now see a list of installations... Read more

Read other 16 answers
RELEVANCY SCORE 43.2

Ok, so I've run into a very tricky spot:

Yesterday, I successfully resolved a windows update issue (thread can be found here: Unable to get any updates at all: Error 800f0900 ).

Basically, one problem led to another and I ended up having to painstakingly transfer programs from my laptop to a flash drive and then to my desktop. When I finally found out what was the problem with my USB ports not working, I reinstalled the motherboard drivers, and everything seemed to work fine--for the USB 2.0 ports.

Now the USB 3.0 ports aren't working and I have no idea why. I tried downloading intel's drivers from their site and no luck. I tried downloading from the motherboard manufacturer's site and no luck. So, I finally looked at the hardware/device manager: "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)"

A:Intel USB 3.0 root hub and USB root hub registries missing/incomplete?

This could be handy for those might want to help you sorted it out, you to System Info - See Your System Specs

Could those Usb 3.0 drivers branded from another manufacturer?

Read other 3 answers
RELEVANCY SCORE 40.8

Root Kit Buster

I have scanned a number of times with Trend Root Kit Buster and each time it had found two discrepancies and each time I tried to “fix it”, they were “unable to fix”.

I’ve used TDSSKiller and it found no root kit. I used Blacklight and it found a root kit, but no way of removing it.

I've attached the MS Paint of Trend Report Unable to Fix, and the Trend Notepad Log of discrepancies follows:

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1041
| Computer Name: ACER-PC

+----------------------------------------------------
--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
MBR unsupported disk type
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : Z
Image Path : C
OriginalHandler : 0x80655a96
CurrentHandler : 0xf561b6d0
ServiceNumber : 0x107
ModuleName : u
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][DEVICE_OBJECT]:
Driver Name : PfModNT
DeviceObject at : 0134E020
1 Kernel code patching found.

--== Dump Hidden Services ==--
No hidden services found.

Any views or thoughts?
 

Read other answers
RELEVANCY SCORE 40.4

Is there a rvkroots.exe available for download for the mentioned KB so that I can remediate a Nessus finding?
We are on a disconnected network so windows update is disabled in our network.
In the past we are able to just download rvkroots.exe and push it out to all our Win7 computers.

Read other answers
RELEVANCY SCORE 37.6

Every Time when i close my notebook i get a fault with USB Root 3.0 Root Hub.After restart all works fine. Notebook works with slimline Portrepikater 2013.  

Read other answers
RELEVANCY SCORE 36.8

I've searched for a similar thread, without success. I've recently been getting this error message in Event Viewer:Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.When I click on the link, I get a file called "authroot.stl" - a certificate file. If I then extract the file, I get a Certificate Trust List, at the head of which is: "This Certificate Trust List is not valid. The certificate that signed the list is not valid." Clicking "View Signature" for each entry in the list results in "The certificate is not valid for the requested usage."I'm sure that this means something to someone, but - to me - it might just as well say "wibble." What's going on here, could anyone tell me, plus how to do something about it, please? TIA! Ray

A:Certificates?

Check the date and time in the lower right corner of the screen
Reset it if necessary and then try windows Update again

Read other 6 answers
RELEVANCY SCORE 36.8

My remote access is throwing up an untrusted certificate error as follows: CA Root certificate is not trusted. To enable trust install this certificate in the Trusted Root Certification Authorities store. It is not offering an option to install the certificate.

I need assistance with this, can't find how to install the certificate in the store - can anyone help? I am using Windows 7 Home Premium on a Dell Studio XPS16

A:Certificates

If you're sure you want to trust it ... Windows root certificate program members

Read other 8 answers
RELEVANCY SCORE 36.8

How many certificates needed to install ATA in a real environment?
Do I need one for console SSL , one for Center Service, and one for Gateway/ lightweight Gateway?
OR one certificate for all will be enough?

Read other answers
RELEVANCY SCORE 36.8

when going to a website with a certificate, i can click continue to go into the website, but how do you import the certificate in IE7 as this does not appear as an option.
 

Read other answers
RELEVANCY SCORE 36.8

Greetings

More time has passed since I last needed help and now that I do, where do I turn? Here for the word on the street!

Hope someone can help me out with this one...

I want to make some of my organisations websites SSL encrypted. We're using Windows NT4.0 SP6a with IIS 4 installed and the site is being accessed using combinations of IE5 through to IE6.

I have achieved SSL on the desired pages using a certificate generated here from one of our W2K servers. However, when users access the site, they get a message saying the certificate is from an unknown Certificate Authority. If they install the certificate, sometimes the problem goes away, sometimes when they return it re-appears.

So, what I want to know is:
is it possible for us to issue our own certificates that will not be flagged up as a possible security issue to users;[/list=1]
if not, how, after installing the certificate on the users PC, can we stop being asked to install it again in the future when the same message pops up; and[/list=2]
if both of the above are not possible, will buying a certificate from a 'proper' CA stop the message appearing all together? If so, why? Does IE automatically assume they are ok?[/list=3]

Can anyone help me out?

Many thanks

G

 

Read other answers
RELEVANCY SCORE 36.8

I use Scottrade for trading stocks, they have streaming quotes on their website, but I cannot access them, I get an 404 error. I use DSL . If I use dialup, I can get them. I am wondering if this has anything to do with certificates. Any ideas
 

A:Certificates

What browser do you use for dialup/dsl, and what OS do you have?
 

Read other 1 answers
RELEVANCY SCORE 36.8

This is something that i havent had tah deal with before as a windows user. i have found that when i look at all my certificates in internet options in windows 98 se,quite a few of them are outdated,or have expired.alot of them cant be recognized and have an red *X* over them because they are outdated. i am not familiar in this area of windows. could someone please tell me how too bring these certificates up to date?..ty
 

Read other answers
RELEVANCY SCORE 36.8

had an issue with my PC last night and I had to pull the CMOS battery, reset bios and scan disc ran when windows started. Everything is fine. Now I am getting those certificate boxes popping up on random websites. One of which being yahoo mail. I cant remember what option I chose but now when I click MAIL, it goes to the login screen and its a plain text html screen. How do I fix this?

A:certificates

just got another one. It says "This connection is untrusted". How do I stop these?

Read other 7 answers
RELEVANCY SCORE 36.8

I've been seeing the following message in Event Viewer:
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.So I go to look at my list of trusted root certificates, and indeed there are 312 of them. I presume that some of them are autoinstalled by Windows Update, some of them were there all along, and so on. Most of them are from places I've never heard of, such as "VRK Gov. Root CA" or "EBG Elektronik Sertifika Hizmet Sağlayicisi." Moreover, 36 of them have expiration dates in the past.

Is there a guide somewhere that explains how to go about cleaning up this list? In particular, is it always safe to delete any certificates that are past their expiration dates?

A:Too many certificates!

Hi
My Name is Kaushal and I work for Dell social media and community at Dell.
Well if we talk about Event Viewer, It’s the list of error reported in windows, whether the update have been installed properly or not.
However there is no problem deleting the list because it's just an overview of action which computer is taking to resolve any reported errors.
and just to inform you ,There are no guide which have been made to Delete these error from Event viewer.

Thanks
Dell Kaushal P
Dell Social Media Responder

Read other 1 answers
RELEVANCY SCORE 36.8

I have posted this question in the Outlook and Exchange forums and received few replies and no real information.
 I also posted it in the Windows 7 forum for email and communications, and a Microsoft Support Engineer suggest that I post the question here.

We have a few 32-bit Windows 7 machines left in our environment, and several of them have an odd problem when it comes to email encryption.
 In Outlook, in the Change Security Settings dialog box (Go to File > Options > Trust Center > Trust Center Settings > Email Security > Settings), when you click either one of the
Choose buttons, the Select a Certificate dialog box is empty, even though an email encryption certificate with valid dates is installed on the machine.
 For some users, this prevents them from being able to send encrypted emails.




I know this can happen if the certificate does not contain a private key, but I have confirmed that the private key is present on all the affected machines.




The only way that I have been able to reproduce this behavior is to export a certificate from a 64-bit machine, and import it on to a 32-bit machine.
 I believe that in the past some administrators requested certificates from the CA using their 64-bit machines, and then installed them on 32-bit machines, but I cannot verify that for certain.




If I take the email encryption certificate from the user's 32-bit machine and install it on a 64-bit machine, not only is i... Read more

Read other answers