mixit Posted March 10, 2017 Share Posted March 10, 2017 Curiouser and curiouser... Since @Dave-H and @5eraph both got a new authroots.sst, I tried again via a Tor proxy and sure enough, I got a new one this time. However, that particular MS cache didn't have the new roots.sst, but did have the new updroots.sst I got before. Apparently we can't trust that MS servers are properly synced. Below are the SHA-256 sums of what I have now, are yours the same? f791d5d50d72af8a804f035f06d6c4df4b880734bdb0758b802bb9b6a50fbd9b *authroots.sst d81a9be65cbcc042c27b7892afa530ac87605a91bcf97ac446d6c37cfed10d5c *delroots.sst 5fba6710bf183bae86e41d9300614f4baeb91da677b503d4622376c434b2cae5 *disallowedcert.sst 22d619f7cab05a2d51d4a9db71694d88e66189d221b72d249a3821bea179ba9c *roots.sst 711068329f6ff50b7b9eb2418638bf9ee6cfc44e2d711b5fa1edbe68375b103c *updroots.sst Link to comment Share on other sites More sharing options...
Dave-H Posted March 10, 2017 Share Posted March 10, 2017 Sorry I'm not sure how to check that. I have just run the updater again though, and my updroots.sst has changed, it's now dated 28/02/17 instead of 12/11/16, which is good, but strangely, my disallowedcert.sst is now dated 24/05/16 instead of 25/05/16 as it was before! Link to comment Share on other sites More sharing options...
heinoganda Posted March 10, 2017 Author Share Posted March 10, 2017 (edited) This problem with the update server from MS I have already pointed out! I update about 12 hours after reporting an update because of this circumstance. An indication of this problem I could well imagine, in future announcements with the Root respectively Rekoved certificate updates. MS just wants to annoy us! Edited March 10, 2017 by heinoganda Link to comment Share on other sites More sharing options...
5eraph Posted March 11, 2017 Share Posted March 11, 2017 On 3/10/2017 at 1:18 PM, Dave-H said: Sorry I'm not sure how to check [SHA-256 hashes]. HashTab has support for SHA-256. Just received the latest updroots.sst (dated 2017-02-28). All my hashes now match mixit's above. Link to comment Share on other sites More sharing options...
dencorso Posted March 12, 2017 Share Posted March 12, 2017 This is what I'm getting with @heinoganda's Cert_Updater.exe, both yesterday and today... Quote authroots.sst 11/11/2016 10:59 PM Roots delroots.sst 11/11/2016 10:59 PM Roots roots.sst 28/02/2017 02:48 PM Roots updroots.sst 28/02/2017 02:48 PM Roots disallowedcert.sst 24/05/2016 05:59 PM Revoked Link to comment Share on other sites More sharing options...
heinoganda Posted March 12, 2017 Author Share Posted March 12, 2017 (edited) This should look like the following, because the MS download server seems to run quite assynchronously. (It can also lead to a different date due to the time zones.) Edited March 12, 2017 by heinoganda Link to comment Share on other sites More sharing options...
Dave-H Posted March 12, 2017 Share Posted March 12, 2017 (edited) Yes, that's exactly what I've now got, all -1 hour on the times in the first image due to the time difference between the UK and mainland Western Europe. Edited March 12, 2017 by Dave-H Correction Link to comment Share on other sites More sharing options...
heinoganda Posted March 13, 2017 Author Share Posted March 13, 2017 Interesting mainly what can happen by the time zone with the date, comparison of delroots.sst. It is a vexing subject that the download servers of MS the updated files are very late for some users. Link to comment Share on other sites More sharing options...
Monroe Posted March 13, 2017 Share Posted March 13, 2017 (edited) Just a simple question or two about these certificate updates. I think I saw this mentioned many pages back in this thread but not sure. I want to get this cleared up for all future discussion. These current updates are 'only' for the IE browser that a person uses with WinXP ... probably mostly IE 8 with most people. So if a person no longer uses IE 8 or IE 6 with WinXP but another browser like Pale Moon, Firefox and such ... these updates really mean nothing or are of little use ... am I correct on this? I am not using the WinXP POS updates ... my WinXP updates stopped in early 2014. However, these newer certificate updates can benefit those people still updating WinXP and using a version of IE. So my question ... if I no longer use IE 8 for anything then these certificate updates have no benefit and are not needed? If a person uses Pale Moon or any other browser ... these certificate updates are of no use to any other browser that a person might be using on their computer? Sorry for repeating or going over everything more than once but I want to nail this down once and for all ... thanks. Edited March 13, 2017 by monroe sp Link to comment Share on other sites More sharing options...
heinoganda Posted March 13, 2017 Author Share Posted March 13, 2017 (edited) As a rule, many programs that use certificate-based encryption rely on Windows's own certificate management, such as Internet Explorer and Chromium-based browsers (known errors, the Web pages with ECC certificates can not be displayed because the Windows certificate management can not process them). There are also programs that have their own certificate management, which I know, like Firefox based browsers, Oracle Java and Python. Windows itself is also dependent on current root certificates (have an expiration date) in the drivers, MS updates, NTFS based encryption of drives or directories, ect. ..... Particularly noteworthy are the current rekoved certificates, which prevent the abused root certificate still active and thus constitute a security risk. Edited March 13, 2017 by heinoganda 2 Link to comment Share on other sites More sharing options...
Monroe Posted March 13, 2017 Share Posted March 13, 2017 (edited) So after reading your post I guess a person should still apply these certificate updates ... even if they no longer receive any WinXP updates or no longer use any version of Internet Explorer. Ok ... thanks for your reply, I will continue to download newer versions. Edited March 13, 2017 by monroe sp Link to comment Share on other sites More sharing options...
Roffen Posted April 23, 2017 Share Posted April 23, 2017 I am happily ignorant about what certificates are good for. I don't know and don't worry as long as I don't have any problems with the OS I am running. Latest update here was april 19, Update for WEPOS and POSReady 2009 (KB4015193) 1 Link to comment Share on other sites More sharing options...
Bersaglio Posted April 23, 2017 Share Posted April 23, 2017 6 hours ago, Roffen said: Latest update here was april 19, Update for WEPOS and POSReady 2009 (KB4015193) I am sorry but how Time Zone update can be related to Сertificates? Link to comment Share on other sites More sharing options...
heinoganda Posted April 23, 2017 Author Share Posted April 23, 2017 (edited) The time zone update definitely does not affect the updates from the certificates. It was in an earlier post anyhow illustrating that there may be date differences in the downloaded certificate containers can be due to the time zones. As in the case of delroots.sst. Edited April 23, 2017 by heinoganda Link to comment Share on other sites More sharing options...
mirekprv Posted April 27, 2017 Share Posted April 27, 2017 This is what I'm getting with @heinoganda's Cert_Updater.exe: 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now