-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate Errors showing up under Windows Server 2003 #2
Comments
It is also happening under Windows XP. |
I fixed it by doing what was shown at https://www.youtube.com/watch?v=49PY6XJzUig. Here's an archive containing my certificates (which you might be able to add directly to Chromium) and the password I used when exporting them: |
Why is it so troublesome?Root and revocation certificates using Windows XP |
Thanks. Maybe Alex can have the installer update the certificates that the linked tool updates when ran. |
@Zero3K @jonm58 This is because just like with windows update, the certificate server is offline. However, things like the "Updated Certificates.zip" that you posted (which I see alot in XP forums, etc.), only update them to whatever date the zip was made. The tried and true (and proper way) is the way that Legacy Updater uses, BlackWingCat's ROOTS UPDATER. Here it is, and which I always use when installing Win 2000/XP/2003 > https://github.com/Alex313031/Windows-XP-Stuffz/tree/main/ROOTS_UPDATER Simply merge the .reg file, then run the .exe. It has wget embedded inside, which downloads the latest add/revoke lists from the same server used for Win 7+, converts it to an XP readable format (.pfx ver 1), and then uses certmgr to install them. It does essentially what Windows is supposed to do if the server was still online. |
Why not have the installer update the certificates for the user when installing it? |
@Zero3K I could include the roots updater in the installer, but Im not sure how I would get the installer to execute it after unpacking the main chromium payload. Besides Chromium, using that roots updater should be done regardless of if Chromium is installed. TLS, Firefox, IE8, and using some programs (like Qbittorent) will have issues/fail without the root certs updated. |
Why not use a custom installer that downloads them from https://github.com/JohnTHaller/RootCertificateUpdatesForLegacyWindows/releases and adds them to the proper stores (or include them in Chromium)? |
@Zero3K My usual install procedure for Win2000/xp/2003 is:
Note: By the way, that repo that the roots updater is in has all of these files and more, including some hard to find updates/hotfixes like the Exfat Driver, Wannacry patch, media player 10, MTP support patch, and WMITools > https://github.com/Alex313031/Windows-XP-Stuffz |
@Zero3K https://github.com/JohnTHaller/RootCertificateUpdatesForLegacyWindows/releases is also good, since he updates them regularly, but I still find it faster to use the roots updater. I just run it once a month (microsoft only updates them once a month anyway) #2 (comment) And because I don't know how to do that. I could figure out how, but I'm not willing to put that much effort into it when using either of the two methods to update the root certs only takes a few clicks and ~2 mins of your time. Maybe when I have more free time, but maintaining Thorium and my electron projects, on top of looking for a job and helping take care of the house kinda eats up my time. |
I do perceive this issue as being resolved to satisfaction. It is actually not the browsers job to groom the Operating systems certificates. The solutions described in here do work fine for me. |
The text was updated successfully, but these errors were encountered: