A certification is revoked and the files on the media are no longer trusted
A certification is revoked and the files on the media are no longer trusted. Can this be fixed in 800xa 6.1
Asked 4 months ago
Answers
0
Just noticed this the other week in Win10 clients (Server 2016 seem unaffected in my lab).
Apparently, there is a flaw in the treatment of the feedback received from the MS x509 API regarding certificate revocation.
I have posted an embryo to a new Product Bulletin to the PM team...
... and really, if you seek a correction you should address your regional ABB support team instead of a lightly moderated and public Internet forum... :-)
Apparently, there is a flaw in the treatment of the feedback received from the MS x509 API regarding certificate revocation.
I have posted an embryo to a new Product Bulletin to the PM team...
... and really, if you seek a correction you should address your regional ABB support team instead of a lightly moderated and public Internet forum... :-)
0
I've learned that a certificate used to sign the System 800xA media have been revoked - I'm guessing the ABBIssuingCA7 cert based on the time it appeared in the local CRL (Certificate Revocation List) repository and when the warning started to popup in the SCC > Configure System task.
To check the local computer's CRL repository use certutil:
To check the local computer's CRL repository use certutil:
certutil -urlcache -v CRL
However, in my lab I get different results between Windows 10 and Server 2016 belonging to the same domain and WSUS server, even after performing "Windows Update" (the CRLs are published online and can only be found if the computer is able to update).
0
Check this register entry, it should be disabled (0).
HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate
I am not really sure why but, sometimes Windows graphical interface says root certificates update is disabled however the register keeps holding 1.
PS.: tested at lab environment, I can't tell if there will be any impact on production systems.
HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate
I am not really sure why but, sometimes Windows graphical interface says root certificates update is disabled however the register keeps holding 1.
PS.: tested at lab environment, I can't tell if there will be any impact on production systems.
Answered 1 month ago
Add new comment