Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Certificate Errors showing up under Windows Server 2003 #2

Open
Zero3K opened this issue Oct 10, 2023 · 11 comments
Open

Certificate Errors showing up under Windows Server 2003 #2

Zero3K opened this issue Oct 10, 2023 · 11 comments
Labels
Information Describes something that many users would want to be aware of.

Comments

@Zero3K
Copy link

Zero3K commented Oct 10, 2023

VirtualBox_Windows Server 2003_10_10_2023_11_14_21

@Zero3K
Copy link
Author

Zero3K commented Oct 10, 2023

It is also happening under Windows XP.

@Zero3K
Copy link
Author

Zero3K commented Oct 10, 2023

I fixed it by doing what was shown at https://www.youtube.com/watch?v=49PY6XJzUig. Here's an archive containing my certificates (which you might be able to add directly to Chromium) and the password I used when exporting them:

Updated Certificates.zip

@jonm58
Copy link

jonm58 commented Oct 11, 2023

I fixed it by doing what was shown at youtube.com/watch?v=49PY6XJzUig. Here's an archive containing my certificates (which you might be able to add directly to Chromium) and the password I used when exporting them:

Updated Certificates.zip

Why is it so troublesome?Root and revocation certificates using Windows XP

@Zero3K
Copy link
Author

Zero3K commented Oct 11, 2023

Thanks. Maybe Alex can have the installer update the certificates that the linked tool updates when ran.

@Alex313031
Copy link
Owner

Alex313031 commented Oct 12, 2023

@Zero3K @jonm58 This is because just like with windows update, the certificate server is offline. However, things like the "Updated Certificates.zip" that you posted (which I see alot in XP forums, etc.), only update them to whatever date the zip was made.

The tried and true (and proper way) is the way that Legacy Updater uses, BlackWingCat's ROOTS UPDATER.
Blackwingcat also maintains the windows 2000 kernel extender, and the k-melon fork

Here it is, and which I always use when installing Win 2000/XP/2003 > https://github.com/Alex313031/Windows-XP-Stuffz/tree/main/ROOTS_UPDATER

Simply merge the .reg file, then run the .exe. It has wget embedded inside, which downloads the latest add/revoke lists from the same server used for Win 7+, converts it to an XP readable format (.pfx ver 1), and then uses certmgr to install them. It does essentially what Windows is supposed to do if the server was still online.

@Zero3K
Copy link
Author

Zero3K commented Oct 12, 2023

Why not have the installer update the certificates for the user when installing it?

@Alex313031
Copy link
Owner

@Zero3K I could include the roots updater in the installer, but Im not sure how I would get the installer to execute it after unpacking the main chromium payload.

Besides Chromium, using that roots updater should be done regardless of if Chromium is installed. TLS, Firefox, IE8, and using some programs (like Qbittorent) will have issues/fail without the root certs updated.

@Zero3K
Copy link
Author

Zero3K commented Oct 12, 2023

Why not use a custom installer that downloads them from https://github.com/JohnTHaller/RootCertificateUpdatesForLegacyWindows/releases and adds them to the proper stores (or include them in Chromium)?

@Alex313031
Copy link
Owner

Alex313031 commented Oct 12, 2023

@Zero3K My usual install procedure for Win2000/xp/2003 is:

  1. Full format + Install
  2. Configure settings and install optional components (so that you don't have to re-apply a service pack)
  3. Install service pack (not usually needed since official ISOs with latest service packs are available)
  4. Install drivers
  5. Run root certificate updater
  6. Install Visual C++, Net Framework, and Directx 9c (See note below)
  7. Install programs, files, etc.

Note: By the way, that repo that the roots updater is in has all of these files and more, including some hard to find updates/hotfixes like the Exfat Driver, Wannacry patch, media player 10, MTP support patch, and WMITools > https://github.com/Alex313031/Windows-XP-Stuffz

@Alex313031
Copy link
Owner

@Zero3K https://github.com/JohnTHaller/RootCertificateUpdatesForLegacyWindows/releases is also good, since he updates them regularly, but I still find it faster to use the roots updater. I just run it once a month (microsoft only updates them once a month anyway)

#2 (comment) And because I don't know how to do that. I could figure out how, but I'm not willing to put that much effort into it when using either of the two methods to update the root certs only takes a few clicks and ~2 mins of your time. Maybe when I have more free time, but maintaining Thorium and my electron projects, on top of looking for a job and helping take care of the house kinda eats up my time.

@Alex313031 Alex313031 added the Information Describes something that many users would want to be aware of. label Oct 12, 2023
@JoachimHenze
Copy link

I do perceive this issue as being resolved to satisfaction. It is actually not the browsers job to groom the Operating systems certificates. The solutions described in here do work fine for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Information Describes something that many users would want to be aware of.
Projects
None yet
Development

No branches or pull requests

4 participants