Root certificates update for PC in Windows

13 January 2023 16:43

Windows 7 through Windows 10 need their trusted root certification authorities updated from time to time.

Comment

Root certificates are the foundation for the intermediate certificates of certification authorities and, ultimately, for the certificates of sites. Without them the chain of trust does not work, and neither does HTTPS encryption. Because security depends on them, root certificates may be obtained only from trusted sources (do not take certificate files from Yandex Disk, third-party sites, etc.).

1. Obtaining root certificates from the Windows Update website

To download root certificates there is the utility certutil.exe, which must be run with the -generateSSTFromWU switch and the name of the output file, for example: c:\certs\roots.sst

certutil.exe -generateSSTFromWU c:\certs\roots.sst

Here certs is a directory that has to be created.

A description of all the switches can be read in the Spisok.txt file:
Spisok-win1251.txt
Spisok-linux.txt

Description of the certutil.exe switch:

-generateSSTFromWU -- Generate SST from Windows Update

Here SST means the current trusted root certification authorities in a file of type SST.

Source: Updating trusted root certificates in Windows 10

Running the command certutil.exe -generateSSTFromWU c:\certs\roots.sst takes about 3-4 minutes.

2. Exporting root certificates to a P7B file

The resulting SST file opens with a double click.
In the window that opens you can sort the certificates by validity period, select the current certificates, and right-click - Export.

2.1 Start of the Certificate Export Wizard

2.2 Select the type of output file. I chose P7B, a transport container in which all certificates are in one file (a so-called bundle).

2.3 Select the output directory and the name of the file with the P7B extension for the export

2.4 Continue the wizard - the "Next" button

2.5 Message about the successful completion of the export: "Export is successfully completed."

3. Importing root certificates from the P7B file into the system

3.1 In Explorer, right-click the resulting P7B file - "Import"

3.2 Start of the Certificate Import Wizard - "Next"

3.3 Accept the automatic choice of certificate store - "Next".

3.4 The last step of the Certificate Import Wizard

3.5 Message about the completion of the import of certificates into the system: "Import is successfully completed."

Root certificates are updated.

Note: Instead of the method with an intermediate P7B file, you can use the Certificates snap-in and import the SST file directly:
Run MMC -> Add snap-in -> Certificates -> Computer account -> Local computer.
Right-click Trusted Root Certification Authorities, All Tasks -> Import, find the SST file
(in the file type, select Microsoft Serialized Certificate Store - *.sst) -> Open
-> Place all certificates in the following store -> Trusted Root Certification Authorities.
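
Steps 1-3 can also be scripted so that the contents of the SST are reviewed before anything is trusted. The PowerShell script below is an added example, not part of the original article: it builds the SST as in step 1, lists the self-signed, currently valid certificates that are not yet in the local machine's Root store, and imports them only when $DoImport is set. The $DoImport variable, the review CSV path and the filtering rules are assumptions of this example.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
$Sst      = 'C:\certs\roots.sst'         # output path used in the article
$Report   = 'C:\certs\roots-review.csv'  # assumption: where the review list is written
$DoImport = $false                       # assumption: set to $true after reviewing the list

New-Item -ItemType Directory -Path (Split-Path $Sst) -Force | Out-Null

# Step 1 of the article: build the SST from Windows Update
certutil.exe -generateSSTFromWU $Sst
if ($LASTEXITCODE -ne 0) { throw "certutil exited with code $LASTEXITCODE" }

# Load the serialized store into memory; no system store is modified here
$fromWU = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
$fromWU.Import($Sst)

# Thumbprints that the machine already trusts
$known = @{}
Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $known[$_.Thumbprint] = $true }

# Keep only self-signed certificates that are valid today and not yet installed
$now = Get-Date
$new = @($fromWU | Where-Object {
    $_.Subject -eq $_.Issuer -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    -not $known.ContainsKey($_.Thumbprint)
})

# Write the candidates out so they can be reviewed and kept as a change record
$new | Select-Object Thumbprint, Subject, NotBefore, NotAfter |
    Sort-Object Subject | Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8
"{0} certificates in SST, {1} new and currently valid; list written to {2}" -f $fromWU.Count, $new.Count, $Report

if ($DoImport -and $new.Count -gt 0) {
    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
    $store.Open('ReadWrite')
    try {
        foreach ($cert in $new) { $store.Add($cert) }
    } finally {
        $store.Close()
    }
    "Imported $($new.Count) certificates into LocalMachine\Root"
}
```

With $DoImport left at $false the script changes nothing in the certificate stores and only produces the review list.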

4. Downloading and installing the root certificate of Mintsifry (Ministry of Digital Development, Communications and Mass Communications of the Russian Federation)

4.1 Download the certificate from the site

https://gosuslugi.ru/TLS

4.2 Install it in the same way: right-click - Install.
To be sure, you can choose where to import it: the "Trusted Root Certification Authorities" section.

5. Other sources of certificates - Treasury website

The site of the Federal Treasury:

Root certificates

6. Obtaining current and revoked certificates as CAB files

Unpack the file using the 7-Zip archiver (7zip.org), for example, into the C:\PS folder

Installation:

* Current root certification authorities - import from the file authroot.stl

certutil -enterprise -f -v -AddStore "Root" "C:\PS\authroot.stl"

* Revoked root certification authorities - import from the file disallowedcert.stl

certutil -enterprise -f -v -AddStore disallowed "C:\PS\disallowedcert.stl"

