On certain sites the certificate chain cannot be built up to the trusted root certificate because this trusted root cert is not known to Windows. But if we visit such a site using IE or Chrome, Windows automatically downloads (verified) the trusted root somewhere and silently installs it to Trusted Certificate Authorities storage. After this we can build the certificate chain up to the newly installed root. Not surprisingly, there is no 'Turn off Automatic Root Certificates Update' entry in the 2016 edition. If we manually remove the newly downloaded trusted root certificate from Windows storage, the chain can't be built again. I know about the Authority Information Access extension. The problem is that the topmost available certificate in the chain (the child of the missing trusted root) does NOT have such an extension included. And even if it had, Windows would not automatically trust the downloaded certificate. So there must be some other source of knowledge about trusted roots. The question is: how can we use that source ourselves? The topmost available certificate is available here if anyone is interested in inspecting it.