Outdated: Windows XP Component "Update Root Certificates"
This section describes the process used by Windows XP component, Update Root Certificates, to communicate to Windows Update Web site to fetch a trusted root certificate and install in on the local computer automatically.
To understand better why IE 8 is automatically reinstall a trusted root certificate on my computer,
I did a quick research and found this article
"Certificate Support and the Update Root Certificates Component" on Microsoft Web site:
Using Microsoft Windows XP Professional with Service Pack 1 in a Managed Environment: Controlling Communication with the Internet
- Certificate Support and the Update Root Certificates Component
- Published: December 27, 2004
How Update Root Certificates Communicates with Sites on the Internet
This subsection focuses on how the Update Root Certificates component communicates with sites on the Internet. The previous subsection, "Overview: Using Certificate Components in a Managed Environment" provides references for the configuration choices that control the way other certificate components communicate with sites on the Internet.
If the Update Root Certificates component is installed on a user's computer, and the user's application is presented with a certificate issued by a root certification authority that is not directly trusted, the Update Root Certificates component communicates across the Internet as follows:
Specific information sent or received: Update Root Certificates sends a request to the Windows Update Web site, asking for the current list of root certification authorities in the Microsoft Root Certificate Program. If the untrusted certificate is named in the list, Update Root Certificates obtains that certificate from Windows Update and places it in the trusted certificate store on the user’s computer. No user authentication or unique user identification is used in this exchange.
Default setting and ability to disable: Update Root Certificates is installed by default in Windows XP with SP1. You can remove or exclude this component from installation on users’ computers.
Trigger and user notification: Update Root Certificates is triggered when the user is presented with a certificate issued by a root certification authority that is not directly trusted. There is no user notification.
Now I understand better what happened when visiting a secured Web site using IE 8 and
the root certificate for that web site is not installed on my Windows XP system:
- IE 8 reached out https://login.yahoo.com for server certificate.
- IE 8 received "login.yahoo.com" certificate.
- IE 8 could not find the root certificate to validate "login.yahoo.com" certificate.
- IE 8 turned to Windows XP "Update Root Certificates" component for help.
- "Update Root Certificates" contacted "http://windowsupdate.microsoft.com/".
- "Update Root Certificates" fetched the root certificate.
- "Update Root Certificates" installed the root certificate on the local computer.
- "Update Root Certificates" returned the control back to IE 8.
- IE 8 validated "login.yahoo.com" certificate with the newly installed root certificate.
Last update: 2015.
Table of Contents
About This Book
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with IE (Internet Explorer) 10
Using HTTPS with Chrome 40
Using HTTPS with Firefox 35
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Certificate Stores and Certificate Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
PKI CA Administration - Issuing Certificates
Digital Signature - Microsoft Word 2007
Digital Signature - OpenOffice.org 3
S/MIME and Email Security
PKI (Public Key Infrastructure) Terminology
►Outdated: Windows XP Component "Update Root Certificates"
Outdated: Windows XP Component - Removing "Update Root Certificates"
Outdated: IE 8 Displaying Certificate Error Page
Outdated: IE 8 Displaying Certificate Error Icon
Outdated: Viewing Certificate Path Validation Error in IE 8
Outdated: Importing Root Certificate from a File to IE 8
PDF Printing Version