
Trusted root CA certificates at the IIS Server


Ramya Priya

Jul 9, 2003, 8:03:07 AM
Hello,
I am a beginner with IIS.
In the IIS security check list for Windows 2000, there is a guideline given
that all root CA certificates that are not trusted should be removed and this
can be done by using the 'Certificates' MMC snap-in.
We have a Windows 2000 domain that is not connected to the Internet.
However, there are some applications that host their home pages in the IIS
server.
I can see some 106 certificates being listed in trusted root certification
authorities category in the Certificates snap-in.
Now, I am not very sure if disabling all these 106 certificates will result
in tampering the normal working of the systems.
Can you please tell which of these certificates are by default used by the
Win2k OS itself and if disabling these would cause troubles?
Thanks and regards,
Ramya

Roger Abell [MVP]

Jul 10, 2003, 2:36:52 AM
Ramya,

I do not have such a list, nor have I seen one.
Most of the certs shipped in W2k are there for use of the
system as a client - for example, to be able to use SSL at
some external website whatever cert provider they had used.

Here is how I have approached this. I have left the MS certs
there in order to verify update packages, etc. I have left the
CAs that I know I wanted (Verisign, etc.). In your entirely
internal situation this might be none. For the rest, I have then
exported the cert so that I could later re-add it, and then removed
it and played the waiting game to see if it actually was needed
for anything (almost never is in a machine not being used as a
client).


"Ramya Priya" <priya...@blr.spcnl.co.in> wrote in message
news:beh0fm$g3b$1...@news.mch.sbs.de...
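
The export-then-remove approach described in the reply above, sketched as an added example that is not part of the original thread. It assumes a later Windows release with PowerShell and the PKI module (`Export-Certificate`, `Import-Certificate`), which Windows 2000 does not have; the backup path and the keep-list patterns are constructed placeholders.

```powershell
# Added example: back up each root CA certificate that is not on a keep-list,
# verify the backup, then remove it from the machine's Trusted Root store.
# Assumes PowerShell 3.0+ with the PKI module; run elevated.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$BackupDir = 'C:\RootCertBackup',                  # hypothetical path
    [string[]]$KeepSubjectLike = @('*Microsoft*', '*VeriSign*') # constructed keep-list
)

$store = 'Cert:\LocalMachine\Root'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$log = Join-Path $BackupDir 'removed-roots.csv'

foreach ($cert in Get-ChildItem -Path $store) {
    # Subject matching is only a convenience; pinning the thumbprints of the
    # roots you have reviewed is stricter, because a subject name is not unique.
    $keep = $false
    foreach ($pattern in $KeepSubjectLike) {
        if ($cert.Subject -like $pattern) { $keep = $true; break }
    }
    if ($keep) { continue }

    $file = Join-Path $BackupDir ($cert.Thumbprint + '.cer')
    if ($PSCmdlet.ShouldProcess($cert.Subject, 'Export and remove from Trusted Root')) {
        Export-Certificate -Cert $cert -FilePath $file -Type CERT | Out-Null

        # Never delete a root unless the exported file loads and matches it.
        $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file
        if ($check.Thumbprint -ne $cert.Thumbprint) {
            Write-Warning "Backup mismatch for $($cert.Subject); left in place."
            continue
        }

        # Record what was removed and when, so a later failure can be traced
        # back to a specific root during the waiting period.
        [pscustomobject]@{
            Removed    = (Get-Date).ToString('s')
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Backup     = $file
        } | Export-Csv -Path $log -Append -NoTypeInformation

        Remove-Item -Path $cert.PSPath
    }
}

# To restore one root later (thumbprint taken from removed-roots.csv):
#   Import-Certificate -FilePath 'C:\RootCertBackup\<thumbprint>.cer' -CertStoreLocation $store
```

Running the script with `-WhatIf` first lists which roots would be exported and removed without changing the store.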

Ramya Priya

Jul 10, 2003, 6:32:04 AM
Thanks for the response.
Like you have said, since our domain will be a pure internal network and even
MS updates are not checked in between.
So, can I export all of these first and delete, or to be on the safe side,
disable these certificates and watch out for any problems?

"Roger Abell [MVP]" <mvpN...@asu.edu> wrote in message
news:OhnBi3qR...@TK2MSFTNGP12.phx.gbl...

Roger Abell [MVP]

Jul 10, 2003, 11:10:39 AM
MS updates are checked during install.

"Ramya Priya" <priya...@blr.spcnl.co.in> wrote in message

news:bejfh0$dg7$1...@news.mch.sbs.de...
