Results 1 to 4 of 4
2012-12-28, 14:04 #1Ken KashmarekGuest
Trusted Certificates - how do you know?
Looking for some help on "trusted" certificates. As part of login processing slowdown, I found over 350 "trusted" certificates on my Win7 32-bit computer (fully patched). A clean install into a new partition shows that 22 such certificates is all that is necessary. Most of the extra certificates are from foreign countries (though some are from banks, credit card issuers, or financial institutions).
Any idea how they get there? Could they be part of an attempt to use my computer in a botnet? What is the best reference for Trusted Certificates 101? Does anyone have a "trusted" certificate management tool that ties them together, explains where they came from (and why), plus knows which ones can be deleted without incurring any probelms?
I have built the certificate view (found at Microsoft) using MMC. This is a very revealing look but not a true "do I need this" tool for certificates. It simple shows what is there.
How do the rest of you handle trusted certificates? Do you bother?
Your feedback would be appreciated.
2012-12-29, 02:39 #2
- Join Date
- Dec 2009
- Thanked 955 Times in 886 Posts
AFAIK there is no tool to check your certificates in bulk.
Certificates will not be trusted unless you already have a trusted certificate that the new certificate references. Thus a clean install of Windows provides a base set of trusted "root" certificates and everything else references them. You can check an individual certificate by looking at the certificate hierarchy. If a certificate is forged / obtained under false pretences / stolen the original trusted supplier adds the certificate to a revocation list that your computer checks. Any certificate found in that list is automatically un-trusted.
When you visit a web site that has a certificate that is not in your trusted list you have the option to add it to the list. The same happens for email certificates, program signing certificates etc.
Post the details of a certificate you are not sure about and we can walk you through it.
2012-12-29, 06:06 #3Ken KashmarekGuest
From th elarge count of over 350 certificates, I dropped back to a minimal set that was found on a clean install of Win7 (hand deleting the ones not in the starter set). I don't have any on hand right now that are in the questionalble status.
2012-12-29, 15:03 #4Ken KashmarekGuest
Okay, I found out where the 350+ certificates came from.
My existing Win7 system was built and the Windows Easy Transfer program moved stuff from XP to the Win7 system. The (vendor supplied) XP system had over 400 certificates.
I am not going to bother with deleting these from that XP system as it is seldom used anymore, but I suspect that many of them came with the computer as part of the package of crapware supplied by the vendor. That system was in use for 3-4 years before I moved to Win7.