I have at least 10 Invalid or Expired Certificates in Intermediate and Trusted Root Certification Authorities .Should I remove them because they would be renewed when I visited each particular website ? 1 is a Microsoft Autheticode certificate, another
Microsoft timestamp certificate , and another, a Microsoft Root Authority Certificate?

Nicholas;

You can try to remove them, however.

[[When you attempt to remove a trusted root certificate authority by using
Microsoft Internet Explorer, the certificate authority may not be removed or
it may be reinstalled automatically.

This behavior can occur if the Update Root Certificates component is turned
on. The Update Root Certificates component automatically updates trusted
root certificate authorities from the Microsoft Update Server.]]

In Control Panel, double-click Add/Remove Programs.
Click Add/Remove Windows Components.
Scroll down to the Update Root Certificates component
-----------------

It has been explained to me that the expired certificates are needed for
backward compatability.


--
Hope this helps. Let us know.
Wes

In ,
Nicholas > hunted and pecked:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?

Nicholas said in
:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?

I forgot which software vendor I asked of this, but when I asked why I
needed their expired certificate, I was told that it was required for
their product to work as part of some authentication scheme. It didn't
matter that the certificate had expired. Their product would look for a
specific certificate (they have serial numbers), check it attributes
(but not that it expired), and qualify that their product could then
run. I think it was Symantec that told me this regarding their Norton
Internet Security or Anti-Virus products probably regarding LiveUpdate.
I don't see any expired Symantec certs now so maybe their LiveUpdate got
newer ones (it does require a root cert from Symantec before LiveUpdate
will work so maybe the install-time certs had already expired; I'm still
using the prior NIS2003 version), or it was because I downloaded their
newest version of LiveUpdate and maybe it includes a newer cert in its
install.

That was for expired certs, not for revoked ones. For me, there are
even a couple expired certs from Microsoft (they show in the Untrusted
Certificates category) but I'm a bit leery about them because their
Friendly Name is "Fraudulent, NOT Microsoft". I suppose it is possible
the Microsoft knows of a couple illegal certs pretending to be them so
they install them but as expired and with a warning in Friendly Name to
prevent products that use those illegal certs from running or validating
using them. So if the certificate can be identified by its "Issued To"
value, and especially in the descriptions, like Friendly Name, maybe you
can identify for what product the cert is used.

Even if you decide to delete them, first export them (and include the
private key). Then, in case you find something doesn't run because it
cannot find a digital signature for authentication, you can import the
saved cert.

--
__________________________________________________ __________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
__________________________________________________ __________

----- *Vanguard* wrote: -----

Nicholas said in
:
> I have at least 10 Invalid or Expired Certificates in Intermediate
> and Trusted Root Certification Authorities .Should I remove them
> because they would be renewed when I visited each particular website
> ? 1 is a Microsoft Autheticode certificate, another Microsoft
> timestamp certificate , and another, a Microsoft Root Authority
> Certificate?

I forgot which software vendor I asked of this, but when I asked why I
needed their expired certificate, I was told that it was required for
their product to work as part of some authentication scheme. It didn't
matter that the certificate had expired. Their product would look for a
specific certificate (they have serial numbers), check it attributes
(but not that it expired), and qualify that their product could then
run. I think it was Symantec that told me this regarding their Norton
Internet Security or Anti-Virus products probably regarding LiveUpdate.
I don't see any expired Symantec certs now so maybe their LiveUpdate got
newer ones (it does require a root cert from Symantec before LiveUpdate
will work so maybe the install-time certs had already expired; I'm still
using the prior NIS2003 version), or it was because I downloaded their
newest version of LiveUpdate and maybe it includes a newer cert in its
install.

That was for expired certs, not for revoked ones. For me, there are
even a couple expired certs from Microsoft (they show in the Untrusted
Certificates category) but I'm a bit leery about them because their
Friendly Name is "Fraudulent, NOT Microsoft". I suppose it is possible
the Microsoft knows of a couple illegal certs pretending to be them so
they install them but as expired and with a warning in Friendly Name to
prevent products that use those illegal certs from running or validating
using them. So if the certificate can be identified by its "Issued To"
value, and especially in the descriptions, like Friendly Name, maybe you
can identify for what product the cert is used.

Even if you decide to delete them, first export them (and include the
private key). Then, in case you find something doesn't run because it
cannot find a digital signature for authentication, you can import the
saved cert.

--
__________________________________________________ __________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
__________________________________________________ __________
I remembered being told something similar to what you wrote about compatibility , I think you are right. I updated Symantecs old Live Update 2 apparently and that went well, but had 2004 Antivirus. Seemed odd. By exporting I thought I would get a chan
ce to export it to somewhere in particular but I did not get the opportunity to choose. Where did it go ?Thankyou for your reply.

Nicholas;

I've got a Swisskey Root CA Certificate.
Expires Thursday, 31 December, 2015 5:59:00 PM
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
Secure Email Server Authentication

--
Hope this helps. Let us know.
Wes

In ,
Nicholas > hunted and pecked:
> ----- Wesley Vogel wrote: -----
>
> Nicholas;
>
> You can try to remove them, however.
>
> [[When you attempt to remove a trusted root certificate
> authority by using Microsoft Internet Explorer, the certificate
> authority may not be removed or it may be reinstalled
> automatically.
>
> This behavior can occur if the Update Root Certificates
> component is turned on. The Update Root Certificates component
> automatically updates trusted root certificate authorities from
> the Microsoft Update Server.]]
>
> In Control Panel, double-click Add/Remove Programs.
> Click Add/Remove Windows Components.
> Scroll down to the Update Root Certificates component
> -----------------
>
> It has been explained to me that the expired certificates are
> needed for backward compatability.
>
>
> --
> Hope this helps. Let us know.
> Wes
>
> In ,
> Nicholas > hunted and
> pecked: > I have at least 10 Invalid or Expired Certificates in
> Intermediate > and Trusted Root Certification Authorities
> .Should I remove them > because they would be renewed when I
> visited each particular website > ? 1 is a Microsoft
> Autheticode certificate, another Microsoft > timestamp
> certificate , and another, a Microsoft Root Authority >
> Certificate?
>
> The update Root Certificates 0.0 Mb's , and I found a Swisskey
> Root CA Certificate. It does not include a statement for me to find
> what it is for . It is in the Trusted Root Certificates.Thanhs for
> your reply.

Nicholas said in
:
> I remembered being told something similar to what you wrote
> about compatibility , I think you are right. I updated Symantecs old
> Live Update 2 apparently and that went well, but had 2004 Antivirus.
> Seemed odd. By exporting I thought I would get a chance to export it
> to somewhere in particular but I did not get the opportunity to
> choose. Where did it go ?Thankyou for your reply.

You never got the screen to prompt to what file to save the exported
certificate? Maybe it just aborted.

--
__________________________________________________ __________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
__________________________________________________ __________

A question , If I delete Certificates and visited the website they were issued from would the site issue an updated certificate?