Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Intermediate and Root CA update

3 views
Skip to first unread message

Jim

unread,
Nov 11, 2009, 11:38:09 AM11/11/09
to
Is there a qualified Microsoft update for Intermediate and Root
certificates? Will this work for win98se? I have read somewhere out there
that it is not good to remove old/expired certs because some website ssl
etc. will not work and older encrypted items in your files may not be
enabled to open. Is this true?


PA Bear [MS MVP]

unread,
Nov 11, 2009, 1:15:37 PM11/11/09
to
Root Certificates updates are only available to WinXP & higher running IE7
or higher.

MEB

unread,
Nov 11, 2009, 3:19:06 PM11/11/09
to

Oh great, now I'm contradicting PA Bear, sorry Pa, don't hold it
against me.. you are, however, correct to a point, they are not
officially offered.

As recently as 09/21/09 I checked the direct link to updated rootsupd
for 9X and it was still available, at version 021. Likely the reason for
it is the agreement originally made between authorities, manufacturers,
and others, and Microsoft.

The installation INF still references this:
[Version]
Signature = "$Chicago$"
Provider = %Msft%
AdvancedINF = 2.0,%AdvPack%

and does contain the correct registry key and information.

The update still contains:
w95inf16.dll
w95inf32.dll
required for proper installation.

Numerous discussion were done in win98.gen_discussion over the course
of its existence which addressed the old and after EOL, newer versions
of the certs and why they were necessary in certain circumstances and/or
general usage. Perhaps searching some of the archived discussions might
be of value:

http://www.google.com/search?&q=win98.gen_discussion+certs+install&start=10&sa=N
http://www.archivum.info/microsoft.public.win98.gen_discussion
http://www.win98banter.com
http://help.wugnet.com/windows2/
or some of the other archival sites/services.

Within them, you will find indications to issues regarding certs and
resultant issues in AV programs, installation issues, OE, and other
applications or functions which might require them, which indicates why
it *may* be necessary to install updated certs. Moreover, the newer
certs also include the new authorities, and may contain some deleted ones.
In one discussion [2007 if I remember correctly, though it may have
been after EOL in 2006 {around version 8 or 9, or was it 13 maybe}], we
even went through the keys changed, immediately upon installation verses
after running IE6 [which modifies or removes some of those values as the
newer certs contain additional functions not supported in 9X]. We also
noted that unless one went the the order of offering [versions] some of
the cert keys were not installed [or at least at that time].

For a short generalized explanation, see:
http://peoplescounsel.org/ref/security/certs_install.htm

Not sure if that completely answers your question, but it should at
least help with your issue should you have one.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

MEB

unread,
Nov 11, 2009, 3:27:44 PM11/11/09
to

OOPS, correction, sent the wrong draft:
"contains additional functions not supported in 9X]" should be:
"contains additional functions not supported in 9X and/or IE6SP1 {EOL}]"

MEB

unread,
Nov 11, 2009, 3:39:58 PM11/11/09
to

Oh man,,, sorry, one more [manual link entry screwup]:
the peoplescounsel link is:
http://peoplescounsel.org/ref/gen/security/certs_install.htm

{Not saying there may be more here, still doing my wakeup cups of
coffee today]

0 new messages