If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
Update Root Certificates
I would like to know answers for following...
What is the purpose of Update Root Certificates
How do i turn off update root certificates in W2K8
what is the draw back of turning off it.
what is the benefit of turning it on
What is the purpose of Update Root Certificates
How do i turn off update root certificates in W2K8
what is the draw back of turning off it.
what is the benefit of turning it on
Asked:
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Thanks for posting that links. So to turn off the automatic root certificates updates, here is what i did.
in group policy -> Computer Configuration\Administrati
And
Computer Configuration\Administrati
Is this the right way to turn off Automatic root certificates updates on windows server 2008 box ?? or is there any other way to do that.
Please find the attachment.
1.JPG
in group policy -> Computer Configuration\Administrati
And
Computer Configuration\Administrati
Is this the right way to turn off Automatic root certificates updates on windows server 2008 box ?? or is there any other way to do that.
Please find the attachment.
1.JPG
Well you can just disable the Turn Off Automatic Root Cert Updates. Even with the above setting you can still update manually if you ever need to update.
Answers below:
What is the purpose of Update Root Certificates
The certificate authorities that issue public certificates issue these based on the ROOT certificates that they publish. This list of root certificates is explicitly trusted and changes from time to time for various reasons. Windows automatically gets updates for this trusted list.
How do i turn off update root certificates in W2K8
Do as sudhirgoogle: posted above
what is the draw back of turning off it.
You will have to manually update this list. If it gets too out of date then you will get errors with your public certificates+ security risk.
what is the benefit of turning it on
Saves you time and effort + no errors + better security. There may be instances where you do need to turn this off eg. on an exchange server to support intermediate certificates for older mobile devices.
Hope this answers your questions.
What is the purpose of Update Root Certificates
The certificate authorities that issue public certificates issue these based on the ROOT certificates that they publish. This list of root certificates is explicitly trusted and changes from time to time for various reasons. Windows automatically gets updates for this trusted list.
How do i turn off update root certificates in W2K8
Do as sudhirgoogle: posted above
what is the draw back of turning off it.
You will have to manually update this list. If it gets too out of date then you will get errors with your public certificates+ security risk.
what is the benefit of turning it on
Saves you time and effort + no errors + better security. There may be instances where you do need to turn this off eg. on an exchange server to support intermediate certificates for older mobile devices.
Hope this answers your questions.
Hello grimace606,
Thanks for your response. I do not understand your statement "The certificate authorities that issue public certificates issue these based on the ROOT certificates that they publish"
Can you please explain that little bit more detail..
Thanks for your response. I do not understand your statement "The certificate authorities that issue public certificates issue these based on the ROOT certificates that they publish"
Can you please explain that little bit more detail..
"A CA issues digital certificates that contain a public key and the identity of the owner. The matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. CAs use a variety of standards and tests to do so. In essence, the Certificate Authority is responsible for saying "yes, this person is who they say they are, and we, the CA, verify that".
If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate."
A user will trust the issuing Public CA - they will do this based on the ROOT certificate issued by the public CA.
Companies that own their own root certificates are root certificate authorities. A trusted root certificate authority is one that your web browser includes in its list of trusted authorities.
Some reading on certificates : http://msdn.microsoft.com/en-us/library/aa376539(VS.85).aspx
For example: Lets say I have a certificate that proves the identity for my web site and you need to know if this is a trusted site or not.
If I get a certificate from say Verisign for my web site and If you have the root certificate for Verisign trusted on your PC - then you will trust any certificate that Verisign issues and hence you will trust my certificate and hence my web site.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2013 Part … 176 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
http://support.microsoft.com/kb/931125
http://ask-leo.com/what_are_root_certificates_and_why_do_i_need_to_update_them.html