Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Update Root Certificates

Posted on 2010-08-17
8
Medium Priority
?
6,071 Views
Last Modified: 2012-05-10
I would like to know answers for following...

What is the purpose of Update Root Certificates

How do i turn off update root certificates in W2K8

what is the draw back of turning off it.

what is the benefit of turning it on


0
Comment
Question by:sudhirgoogle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 800 total points
ID: 33460971
Root certificates are important when it comes to security if you don't update the root certificates you run a chance that you will go to website and you will not be able to access or you will get SSL errors since you have old root certificates.

http://support.microsoft.com/kb/931125

http://ask-leo.com/what_are_root_certificates_and_why_do_i_need_to_update_them.html
0
 
LVL 1

Author Comment

by:sudhirgoogle
ID: 33461627
Thanks for posting that links. So to turn off the automatic root certificates updates, here is what i did.

in group policy -> Computer Configuration\Administrative Templates\System\Internet Communication Management -> I made "Restrict Internet Communication" to Not configured.
And
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings-> I made "Turn Off Automatic Root Certificates Updates" to Enable.

Is this the right way to turn off Automatic root certificates updates on windows server 2008 box ?? or is there any other way to do that.

Please find the attachment.

1.JPG
0
 
LVL 1

Author Comment

by:sudhirgoogle
ID: 33461634
another attachment
2.JPG
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33464317
Well you can just disable the Turn Off Automatic Root Cert Updates. Even with the above setting you can still update manually if you ever need to update.
0
 
LVL 4

Assisted Solution

by:grimace606
grimace606 earned 1200 total points
ID: 33466059
Answers below:

What is the purpose of Update Root Certificates
The certificate authorities that issue public certificates issue these based on the ROOT certificates that they publish. This list of root certificates is explicitly trusted and changes from time to time for various reasons. Windows automatically gets updates for this trusted list.

How do i turn off update root certificates in W2K8
Do as sudhirgoogle: posted above

what is the draw back of turning off it.
You will have to manually update this list. If it gets too out of date then you will get errors with your public certificates+ security risk.
what is the benefit of turning it on
Saves you time and effort + no errors + better security. There may be instances where you do need to turn this off eg. on an exchange server to support intermediate certificates for older mobile devices.
Hope this answers your questions.
0
 
LVL 1

Author Comment

by:sudhirgoogle
ID: 33473558
Hello grimace606,

Thanks for your response. I do not understand your statement "The certificate authorities that issue public certificates issue these based on the ROOT certificates that they publish"

Can you please explain that little bit more detail..

0
 
LVL 4

Assisted Solution

by:grimace606
grimace606 earned 1200 total points
ID: 33484682

"A CA issues digital certificates that contain a public key and the identity of the owner. The matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. CAs use a variety of standards and tests to do so. In essence, the Certificate Authority is responsible for saying "yes, this person is who they say they are, and we, the CA, verify that".
If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate."
A user will trust the issuing Public CA - they will do this based  on the ROOT certificate issued by the public CA.
Companies that own their own root certificates are root certificate authorities. A trusted root certificate authority is one that your web browser includes in its list of trusted authorities.

Some reading on certificates : http://msdn.microsoft.com/en-us/library/aa376539(VS.85).aspx
For example: Lets say I have a certificate that proves the identity for my web site and you need to know if this is a trusted site or not.
If I get a certificate from say Verisign for my web site and If you have the root certificate for Verisign trusted on your PC - then you will trust any certificate that Verisign issues and hence you will trust my certificate and hence my web site.
0
 
LVL 1

Author Closing Comment

by:sudhirgoogle
ID: 33780384
question answered
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question