But but but...
- does not solve the root (pun intended) issue. The same situation can occurs with other CA (from the same or a different company);
- will remove the trust from all certificate signed (past and future) by this CA.
First check how many certificates you have installed in your Trust store:
~ @ certmgr -list -c Trust | grep "Unique Hash" | wc -l 140
Next remove the CA root certificate that signed all those bad certificates:
~ @ certmgr -del -c Trust 89B5351EC11451D06E2F95B5F89722D527A897B9
Finally validate that the certificate was removed.
~ @ certmgr -list -c Trust | grep "Unique Hash" | wc -l 139 ~ @ certmgr -list -c Trust | grep "UTN-USERFirst-Hardware"
If the number was decreased by one and the string UTN-USERFirst-Hardware can't be found anymore then this batch of bad certificates won't affect you.
Note: Repeat the above steps with -m if you installed root certificates on the machine store.
3/24/2011 13:33:15 | Comments
The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.