Windows OS Hub

August 31, 2017 Windows 10, Windows 7

How to Check Trusted Root Certification Authorities for Suspicious Certs

Windows users need to pay more attention to the certificates installed on their computers. Recent incidents with the Lenovo Superfish, Dell eDellRoot and Comodo PrivDog certificates show that users have to be careful when they install new applications and also be aware of what software and certificates the manufacturer has preinstalled on the system. Fake or specially generated certificates help hackers to perform MiTM (man-in-the-middle) attacks, capture your traffic (including HTTPS), allow malicious software or scripts to run, etc.

As a rule, these certificates are installed in the Trusted Root Certification Authorities store. Let’s see how you can check the store for third-party certificates.

In general, the Trusted Root Certification Authorities store should contain only trusted certificates verified and published by Microsoft under the Microsoft Trusted Root Certificate Program. To check the certificate store for third-party certificates, use Sigcheck (a tool from Sysinternals).

  1. Download Sigcheck from the Microsoft website (https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx)
  2. Unpack Sigcheck.zip to any folder (e.g., C:\install\sigcheck\)
  3. Start the command prompt and go to the directory where the tool is located: cd C:\install\sigcheck\
  4. Run sigcheck.exe -tv or sigcheck64.exe -tv (for 64-bit Windows versions) in the command prompt
  5. At the first run, sigcheck prompts you to accept the license terms
  6. Then the tool downloads the authrootstl.cab archive, which contains the list of Microsoft root certificates in Certificate Trust List format, from the Microsoft website and saves it to its own directory.

    Tip. If there is no direct Internet connection on your computer, you can download authrootstl.cab yourself from http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab and manually place it in the directory containing SigCheck
  7. The tool will compare the list of certificates installed on your computer with the list of Microsoft root certificates in authrootstl.cab. If there are third-party certificates in the list of root certificates on your computer, SigCheck will display them. In our case, there is one certificate with the name test1 (it is a self-signed certificate that I created with the New-SelfSignedCertificate cmdlet to sign the code of a PowerShell script)
  8. Each third-party certificate found must be analyzed to decide whether it should be on the list of trusted certificates. It is also recommended to find out which application installed it and uses it.

    Tip. If the computer is part of a domain, it is likely that the list of “third-party” certs will contain the root certificates of the internal certification authority (CA) and other certificates integrated into the system image or distributed using GPO.
  9. To delete a certificate from the list of trusted certificates, start the certificate management console (msc), expand Trusted Root Certification Authorities -> Certificates and delete the certificates found by the SigCheck utility
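
For step 8, the details of each certificate that SigCheck reported can be pulled from the store with PowerShell, and a copy saved before step 9 removes it. This is an added example, not part of the original article; the function name Get-RootCertTriage, the backup folder and the placeholder thumbprint are assumptions.

```powershell
# Added example (not from the original article).
# Thumbprints reported by "sigcheck -tv" go in $Reported; the value below is a
# constructed placeholder, not a real certificate.
$Reported  = @('0000000000000000000000000000000000000000')
$BackupDir = 'C:\install\sigcheck\flagged'   # assumed folder for exported copies

function Get-RootCertTriage {
    param(
        [Parameter(Mandatory)] [string[]] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\Root'
    )
    # Normalise pasted thumbprints: strip spaces, compare in upper case.
    $wanted = $Thumbprint | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() }

    Get-ChildItem -Path $StorePath |
        Where-Object { $wanted -contains $_.Thumbprint } |
        ForEach-Object {
            [pscustomobject]@{
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                Thumbprint    = $_.Thumbprint
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # A private key stored next to a trusted root means whoever can
                # read that key can issue certificates this machine will trust.
                HasPrivateKey = $_.HasPrivateKey
                NotBefore     = $_.NotBefore
                NotAfter      = $_.NotAfter
                Certificate   = $_
            }
        }
}

$found = @(Get-RootCertTriage -Thumbprint $Reported)
if ($found.Count -eq 0) {
    Write-Warning 'None of the listed thumbprints are in LocalMachine\Root.'
}
else {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($c in $found) {
        # Keep a copy of the public certificate before anything is deleted (step 9).
        $file = Join-Path $BackupDir ($c.Thumbprint + '.cer')
        Export-Certificate -Cert $c.Certificate -FilePath $file | Out-Null
    }
    $found | Sort-Object HasPrivateKey -Descending |
        Format-List Subject, Issuer, Thumbprint, SelfSigned, HasPrivateKey, NotBefore, NotAfter
}
```

The exported .cer files hold only the public certificate, so a certificate removed by mistake can be re-imported from them.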

Thus, it is recommended to check the certificate store using SigCheck on all systems, especially on OEM computers with a preinstalled OS and on Windows builds distributed via popular torrent trackers.
