Fraudulent certificates in certmgr.msc

Hi, I discovered a bunch of untrusted and fraudulent certificates in my certmgr.msc, see attachment.
Is this indicative of any threats on my computer, or is it normal to have such certificates? And should I delete all of them (especially those that haven’t expired yet)?

Thank you.

Is anyone familiar with the Certificate Manager and can help me out here?
Thanks in advance!

How many times is it that you need to be told you are trying to do things that are way over your head before you understand it?

None Eddy, since I’m asking for advice and not for constant insults (knee-jerk at that).

And what am I “trying to do” as you put it, that’s over my head? I’m just asking if it’s okay that there’s fraudulent certificates on my computer, and if other people have them as well (which would tell me that it’s quite a normal occurrence for whatever reason).

Hey, I have a lot of certificates there too. Maybe Polonus could help us how to scan/remove most of them… Or Pondus, or any other who knows how to manage the certificates…

Hi ehmen and Lisandro,

We are glad to be of help and now with Superfish and PrivDog scandal unfolding, it is mighty important to manage root certificates to avoid MIM attacks and I mean that this is important for everyone.
Read here: https://support.quovadisglobal.com/KB/a41/how-do-i-check-my-certificates-on-firefox.aspx?KBSearchID=27234
On Chrome devices: https://support.google.com/chrome/a/answer/6080885?hl=en
For the Chrome Browser: https://support.google.com/chrome/answer/95572?hl=en

polonus

Isn’t the whole point of the untrusted certificates to act as a reference blacklist so as not to allow these certificates if you come across them during browsing, etc.?

I can’t recall who updates these untrusted certificates - Windows updates or other source.

But I never allow anything and there are tons of certificates there…
Thanks Polonus. Can you help me write a blog article about these two incidents? (Superfish and PrivDog).
Better than everything else:

  1. What should we do?
  2. What are the limits of the suggested protection?

That’s the point, you don’t have to allow Trusted Certificates, it is why they are issued so you can prove who you are as such - so without something like the Untrusted Certificates they too would be classed as trusted and would sail through.

How can I check the list of my certificates?

The untrusted are a checklist aka a blacklist; Windows will treat any so marked as bad.

Expired certificates from DigiNotar should be removed.
They were hacked in 2011.
The company has been gone since 20 September 2011 (bankrupt).

Can’t find any expired or DigiNotar certificate in my list…

Thanks everyone for your input.

Bottom line: should I delete all of the untrusted and fraudulent certificates or only specific ones?

Thank you.

Hi ehmen,

Tho you may not care for Eddy’s advice, be mindful of what you do. The certificate listing is a list Windows uses to prevent potential harm to your computer. This list is sometimes updated by Microsoft in one of their periodic Windows Updates called ‘root certificates’.

https://en.wikipedia.org/wiki/Root_certificate

The difference between any user that knows what they are doing and the ones that don’t, basically is the difference between fixing something that needs to be fixed and not fixing things that don’t.

So the fine line between fixing things one wants to fix must be tempered with an acute and accurate assessment over what, if anything, needs to be fixed at all. Just because one has control over a system does not mean that one should fix things just because they can.

Not without first imaging their system disk in case disaster strikes. If an image is created first, one can do whatever they want and recover. If one wants to experiment, then imaging is a must do.

Again, “if it ain’t broke, don’t fix it”.

Learning something new is a good thing, but it must be tempered with research and caution and restraint.

If one always follows these three conditions, one can come to the best and correct decisions, and one does not have to then fix a system they broke unnecessarily. Nothing wrong with learning new stuff, it is when to apply that new knowledge, and to what degree, that will make the difference long-term for all users, not just you.

Which is exactly why I am asking and not doing anything yet.

So please if you could tell me, should I delete any of the untrusted and fraudulent certificates or not? Are any of them (in attachment above) dangerous or harmful to have on my computer, or are they all fine?

If you can answer my question (which is what I asked in my original post) I would appreciate it very much! Since then I would know what to do regarding this issue.

Thank you in advance!

It may not be necessary to delete any untrusted certificates, because the fact that these untrusted certificates are in that folder means they cannot be used again by Windows or any other program:
http://windows.microsoft.com/en-us/windows/certificate-faq#1TC=windows-vista
Expand the ‘Show all’ link and read the entire thing.

http://ask-leo.com/what_are_root_certificates_and_why_do_i_need_to_update_them.html

Read both and then come back to share what you understand about why certificates are necessary. You may well find the answer you seek just from these two links.

If you still need help please post that too.
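
The distinction made in the post above, as an added PowerShell example that is not part of the original thread: it reads the stores that certmgr.msc displays and reports whether any certificate whose subject contains a name mentioned in this thread sits in the Untrusted (Disallowed) store or in a Trusted Root store. The watch-list and the verdict wording are assumptions of this example; the script only reads and changes nothing.

```powershell
# Added example: read-only inventory of the stores behind certmgr.msc.
# Watch-list names are taken from this thread; the list is an assumption.
$watch = 'Superfish', 'PrivDog', 'DigiNotar'

# Store path -> what membership in that store means to Windows.
$stores = [ordered]@{
    'Cert:\CurrentUser\Disallowed'  = 'blocked'   # "Untrusted Certificates"
    'Cert:\LocalMachine\Disallowed' = 'blocked'
    'Cert:\CurrentUser\Root'        = 'trusted'   # "Trusted Root Certification Authorities"
    'Cert:\LocalMachine\Root'       = 'trusted'
}

$inventory = foreach ($path in $stores.Keys) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Store      = $path
            Meaning    = $stores[$path]
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
        }
    }
}

# How many certificates each store holds.
$inventory | Group-Object Store | Select-Object Name, Count | Format-Table -AutoSize

# Thumbprints Windows has been told to reject.
$blocked = $inventory | Where-Object Meaning -eq 'blocked' |
    Select-Object -ExpandProperty Thumbprint -Unique

# The subject text is chosen by whoever created the certificate, so a name
# match is only a lead; confirm by thumbprint against a published advisory.
$pattern = ($watch | ForEach-Object { [regex]::Escape($_) }) -join '|'

$inventory | Where-Object { $_.Subject -match $pattern } | ForEach-Object {
    $verdict = if ($_.Meaning -eq 'blocked') {
        'blocked (blacklist entry, leave in place)'
    } elseif ($blocked -contains $_.Thumbprint) {
        'in a trusted store, but also listed in Disallowed'
    } else {
        'REVIEW: trusted root matching a watch-list name'
    }
    $_ | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict -PassThru
} | Format-List Store, Subject, Thumbprint, NotAfter, Verdict
```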

Thank you for those links!

So I gather from you that I shouldn’t delete any untrusted or fraudulent keys because in reality, they’re shields against those untrusted attempts if they’re made against my browser/computer?

Also, how could I know if there’s ever a certificate in my certmgr.msc that’s fake and malicious (for real, and not a “Shield” against a malicious attempt but the attempt itself)?

Thank you very much mchain!

“Also, how could I know if there's ever a certificate in my certmgr.msc that's fake and malicious”
Search and do research. Learn how things are working, what they do (or don't) etc. It all starts with knowledge. Nothing personal and no offense meant, but so far you are only asking about things that are really way over your head. My advice, start with learning the basic things first.

Such as?