dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
16

StuartMW
Premium Member
join:2000-08-06

StuartMW to Libra

Premium Member

to Libra

Re: Mozilla: Revoking Trust in Two TurkTrust Certificates



Well if you have the update installed you'll see that the two certs are untrusted.
Libra
Premium Member
join:2003-08-06
USA

Libra

Premium Member


Untrusted publishers

continued

I don't see Turktrust listed anywhere?
I don't understand this. I have the roots certificate in Event Viewer:

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/9/2013 12:20:20 PM
Event ID: 16
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: -PC
Description:
Successful auto update of disallowed certificate list with effective date:: Monday, December 31, 2012 6:50:01 PM;.
Event Xml:

16
0
4
0
0
0x80000000000000

21788

Application
MyVista-PC

Monday, December 31, 2012 6:50:01 PM

This is the Certificates Untrusted Publishers of IE:

Could Defense Wall prevent this certificate operation?

Sincerely, Libra

P.S. Thank you for the screenshot.

StuartMW
Premium Member
join:2000-08-06

1 edit

StuartMW

Premium Member

Not sure what the issue is. Are the certs under one of the "trusted" tabs?

If they're not anywhere at all then by default they'll be untrusted.
Libra
Premium Member
join:2003-08-06
USA

Libra

Premium Member

Thank you. I'll check that.
Libra

Libra

Premium Member

I just checked. Under Trusted Root Certificate Authorities, I have 5 Turktrusts listed. Three are for Serificat Hizmet Sag (bad one) and two are for Electronik Islem Hiz. Under Trusted Publishers I have nothing listed.

I don't think Defense Wall is behind this because I just checked another computer (7 64bit) and it also had the event showing the disallowed certificates updated and when I view IE 8 I have the same results as listed above. Defense Wall isn't on that computer.

It would be nice if these roots certificates worked as designed.

Sincerely, Libra
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98

Premium Member

libra, maybe you are confusing things.. this thread is about mozilla's supposedly removing the trust for some-or-all turktrust certificates.. what you are looking at, it seems, is the certificates for "IE", for "internet explorer"..

here is MS's advisory regarding the "bad" turktrust certificates:

»technet.microsoft.com/en ··· /2798897

if you installed the certificate-update for IE, mentioned in the MS-advisory, you should see these added to IE's "untrusted publishers" (see the last entry in the advisory's FAQ's):

(1) *.google.com *.EGO.GOV.TR

(2) e-islem.kktcmerkezbankasi.org TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

(3) *.EGO.GOV.TR TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

that is all there is to it.. the three entries, posted above, should be included in IE's "untrusted publishers"..

with "firefox", again, it appears that mozilla failed to do anything about the bad turktrust certificates.. all you can do is edit-and-disable the "trust" for the two turktrust certficates, and hope that, one day, mozilla will get a clue as to which way is up..
Libra
Premium Member
join:2003-08-06
USA

Libra

Premium Member

I am definitely getting confused. I did change the two certificates in Pale Moon to untrusted. I don't have the three certicates you listed in IE as untrusted. I believe the untrusted list is being updated by what is listed in the Event Viewer.

I just made a copy of the instructions to view the certificate store in a snap in. I'll try that out on this computer later (I don't know the runtime on the other two to know if the instructions are the same.)

I appreciate your help with this.

Sincerely, Libra
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98

Premium Member

libra, here is a link to a MS webpage with links for downloading the update for the revoked certificates.. just download and install the "update" that is appropriate for your computer, depending on which windows operating system you are using:

»support.microsoft.com/kb/2798897
Libra
Premium Member
join:2003-08-06
USA

Libra

Premium Member

Thank you, thank you, thank you I installed that update and now I show the three untrusted publishers.

I still find it odd that Event Viewer said they were put into the computer. But I'm quite happy, with your help, to have them now listed.

I put the update on a flash drive and I'll run it on my other two computers.

Again, I appreciate your help. (I wasn't looking forward to trying to access that snap in.)

Sincerely, Libra