PKI Tutorials - Herong's Tutorial Examples - Version 2.04, by Dr. Herong Yang
IE 10 Reinstalling Root Certificates Automatically
This section provides a tutorial example showing IE 10 reinstalls trusted root certificate automatically when it is needed to validate an HTTPS Web server certificate.
From the previous tutorial, we learned that there is second root CA certificate "VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)" that can be used to validate "login.yahoo.com". If I delete "VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)" also from IE 10, what will happen?
1. Run IE 10 as administrator, and go to the "Trusted Root Certificate Authorities" certificate store.
2. Go through the list of root CA certificates, and locate "Class 3 Public Primary Certification Authority certificate. You will see 3 entries.
3. Export all 3 entries of "Class 3 Public Primary Certification Authority" certificates to local files.
4. Remove all 3 entries of "Class 3 Public Primary Certification Authority" certificates.
5. Close and run IE 10 again. Go to https://login.yahoo.com and wait for the log in page to be displayed.
6. Click the lock icon at the end of the Web address field and click the "View certificates" link.
7. Click the "Certificate Path" tab. I am surprised to see that IE 10 validated "login.yahoo.com" certificate with the same certificate path:
VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1) |- VeriSign Class 3 Public Primary Certification Authority - G5 |- VeriSign Class 3 Secure Server CA - G3 |- *.login.yahoo.com
8. Close the Certificate and go to the trusted root CA certificate area. I see that "Class 3 Public Primary Certification Authority" with a display name of "VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)" has been installed back in IE 10.
This tells me that IE 10 automatically fetched the root CA certificate from the Internet and install it as trusted root CA when it is needed.
Last update: 2015.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
►Using HTTPS with IE (Internet Explorer) 10
Visiting "https" Web Site with IE 10
Viewing Server Certificate Details in IE 10
Viewing Server Certificate Path in IE 10
Installing Server Certificate Permanently in IE 10
Viewing Certificates in Certificate Stores in IE 10
Listing of Trusted Root CA in IE 10
Exporting Certificate to File from IE 10
Saving Server Certificate to File with IE 10
Deleting Certificates from IE 10
IE 10 Supporting Multiple Certificate Paths
►IE 10 Reinstalling Root Certificates Automatically
Windows Automatic Root Update Mechanism
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Certificate Stores and Certificate Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
PKI CA Administration - Issuing Certificates
Digital Signature - Microsoft Word 2007
Digital Signature - OpenOffice.org 3