If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Certificate viewer/manager - Where to find it ?
Hello All,
Having read about Googles "soft nudging" to get the world to use HTTPS, I realized that I've never even tried to look at the certificates an "S" connection uses. When I tried to find a/the program to view such cerificates all I could find was CERTMGR.MSC. But that thing can't start (not an executable or DLL), and google turns up ziltch in that regard. My question: Which program do I need to start to be able to view/manipulate the stored cerificates (I found a few in the registry) ? Also: At this day-and-age, are there *any* that I still need (found a number of CA and Root certificates) ? In other words: would it hurt when I would remove them all ? Regards, Rudy Wieser P.s. I can view/manipulate them thru IE, but is that the only way ? What about (possible) other certificates ? |
#2
|
|||
|
|||
Certificate viewer/manager - Where to find it ?
On Thu, 7 Aug 2014 20:19:55 +0200, R.Wieser wrote:
Hello All, Having read about Googles "soft nudging" to get the world to use HTTPS, I realized that I've never even tried to look at the certificates an "S" connection uses. When I tried to find a/the program to view such cerificates all I could find was CERTMGR.MSC. But that thing can't start (not an executable or DLL), and google turns up ziltch in that regard. My question: Which program do I need to start to be able to view/manipulate the stored cerificates (I found a few in the registry) ? Also: At this day-and-age, are there *any* that I still need (found a number of CA and Root certificates) ? In other words: would it hurt when I would remove them all ? Regards, Rudy Wieser P.s. I can view/manipulate them thru IE, but is that the only way ? What about (possible) other certificates ? Did your MSC file association broke? Try this command line: mmc c:\windows\system\certmgr.msc Alternatively, use the native one: rundll32 c:\windows\system\cryptui.dll,CryptUIStartCertMgr |
#3
|
|||
|
|||
Certificate viewer/manager - Where to find it ?
Hell JJ,
Did your MSC file association broke? As far as I can tell I never had such a file association. Is it maybe part of an add-on installation (from the Win98se CD) ? Try this command line: mmc c:\windows\system\certmgr.msc Yes, while googeling I found that reference too. Alas, MMC.EXE is not found on my machine (remember: Win98se). I did find an MMC.DLL though. Any relation ? Alternatively, use the native one: rundll32 c:\windows\system\cryptui.dll,CryptUIStartCertMgr Thanks, that one worked for me. And it shows the same layout as from within IE. :-) As for the other question, do I still need those CA and Root certificates on a Win98se machine, any idea ? Could they (still) be harmfull to my machine (automatically trusted and al that). Regards, Rudy Wieser -- Origional message: JJ schreef in berichtnieuws ... On Thu, 7 Aug 2014 20:19:55 +0200, R.Wieser wrote: Hello All, Having read about Googles "soft nudging" to get the world to use HTTPS, I realized that I've never even tried to look at the certificates an "S" connection uses. When I tried to find a/the program to view such cerificates all I could find was CERTMGR.MSC. But that thing can't start (not an executable or DLL), and google turns up ziltch in that regard. My question: Which program do I need to start to be able to view/manipulate the stored cerificates (I found a few in the registry) ? Also: At this day-and-age, are there *any* that I still need (found a number of CA and Root certificates) ? In other words: would it hurt when I would remove them all ? Regards, Rudy Wieser P.s. I can view/manipulate them thru IE, but is that the only way ? What about (possible) other certificates ? Did your MSC file association broke? Try this command line: mmc c:\windows\system\certmgr.msc Alternatively, use the native one: rundll32 c:\windows\system\cryptui.dll,CryptUIStartCertMgr |
#4
|
|||
|
|||
Certificate viewer/manager - Where to find it ?
On Fri, 8 Aug 2014 11:14:34 +0200, R.Wieser wrote:
Hell JJ, Did your MSC file association broke? As far as I can tell I never had such a file association. Is it maybe part of an add-on installation (from the Win98se CD) ? Try this command line: mmc c:\windows\system\certmgr.msc Yes, while googeling I found that reference too. Alas, MMC.EXE is not found on my machine (remember: Win98se). I did find an MMC.DLL though. Any relation ? Oops, I forgot that it's part of Windows 98 Resource Kit. In the CD, the MMC setup package can be found at: X:\tools\reskit\setup\mmc\mmc.exe As for the other question, do I still need those CA and Root certificates on a Win98se machine, any idea ? Could they (still) be harmfull to my machine (automatically trusted and al that). Root certificates are needed for verifying certificate of secured/HTTPS sites, and digital signature in EXE/DLL/SYS/etc. files. Of course, that's if the program use Windows own certificate database. Some open-source programs use their own certificate database. The only (potentionally) harmful certificates are those that are not yet expired but have been revoked by Microsoft. Expired certificates are considered invalid and will no longer usable, so no need to worry. Any certificate verifier would present a prompt, or fail the verification if it encounter an expired certificate. Any non-expired lower level certificates will also be invalid if the upper level certificates are invalid. I don't know if this is possible in Windows 9x, but you may want to try manually extracting the Certificate Revocation List Hotfix to get the *.SST files and importing them into the certificate database - even though the hotfix program may not be made for Windows 9x. The latest Hotfix (July 2014) can be found he http://www.microsoft.com/en-us/download/details.aspx?id=43672 That hotfix is for Windows Server 2003. If it refuses to run under Windows 9x, extract the content using 7-Zip, WinRAR, or any archive manager that support extracting a self-extracting CAB file. Once you extract the files, import the "disallowedcert.sst" file from the certificate manager. Additionally, download the latest revocation list from the Windows Update server: (warning: long URL) http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab This list is the most up to date, but doesn't include the older revoked certificates included in the hotfix mentioned above. For completeness, also download the latest root certificate list hotfix from the Windows Update server: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe Extract it manually like mentioned above if it refuses to run under Windows 9x. Then finally, get the most up to date root certificate list: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab Same as "disallowedcertstl.cab". It won't contain older certificates. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
certificate of authenticity | Peter | General | 3 | January 6th 07 12:56 AM |
Certificate problem | Charles W | Internet | 1 | August 15th 05 01:39 PM |
Certificate Authenticity | Julie | Disk Drives | 2 | September 29th 04 11:47 PM |
Can't find correct Word Viewer for Windows ME on msn download page | Liz | Software & Applications | 1 | September 28th 04 09:24 PM |
Certificate of Authenticity | Tanya M. | General | 1 | July 7th 04 09:10 PM |