Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / How to Check Trusted Root Certification Authorities for Suspicious Certs

August 31, 2017 Windows 10Windows 7

How to Check Trusted Root Certification Authorities for Suspicious Certs

Windows users need to pay more attention to certificates installed on their computers. Recent incidents with Lenovo Superfish, Dell eDellRoot and Comodo PrivDog certificates evidence that users have to be both attentive when they install new applications and aware what software and certificates are preinstalled in the system by the manufacturer. Fake or specially generated certificates help hackers to perform MiTM (man-in-the-middle) attacks, capture your traffic (including HTTPS), allow malicious software or scripts to run, etc.

As a rule, these certificates are installed in the Trusted Root Certification Authorities store. Let’s see how you can check the store for the third-party certificates.

In general, the Trusted Root Certification Authorities store should contain only trusted certificates verified and published by Microsoft under Microsoft Trusted Root Certificate Program. To check the certificate store for third-party certificates, use Sigcheck (a tool from Sysinternals).

  1. Download Sigcheck from Microsoft website (https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx)
  2. Unpack Sigcheck.zip to any folder (e. g., C:\install\sigcheck\)
  3. Start the command prompt and go to the directory where the tool is located: cd C:\install\sigcheck\
  4. Run sigcheck.exe –tv or sigcheck64.exe –tv (for 64-bit Windows versions) in the command prompt
  5. At the first run, sigcheck prompts to accept license termssigcheck64 accept license agreement
  6. Then the tool downloads authrootstl.cab archive containing the list of MS root certificates in Certification Trust List format from Microsoft website and saves it to its own directory.

    Tip. If there is no direct Internet connection on your computer, you can download authrootstl.cab yourself following this link http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab and manually place it to the directory containing SigCheck
  7. The tool will compare the list of certificates installed on your computer with the list of MSFT root certificates in authrootstl.cab. If there are third-party certificates in the list of root certificates on your computer, SigCheck will display them. In our case, there is one certificate with the name test1 (it is a self-signed certificate created using New-SelfSignedCertificate cmdlet that I have created to sign the code of a PowerShell script)sigcheck: list cert not rooted in Microsoft Certificate Trust List
  8. Each found third-party certificate must be analyzed to evaluate if it should be on the list of trusted certificates. It is also recommended to find out what application has installed and uses it.

    Tip. If the computer is a part of a domain, it is likely that list of “third-party” certs will contain the root certificates  of internal certification authority (CA) and other certificates integrated into the system image or distributed using GPO .
  9. To delete a certificate from the list of trusted certificates, start the certificate management console (msc), expand Trusted Root Certification Authorities -> Certificates and delete the certificates found by SigCheck utilitydelete certificate from trusted root certification authorities

Thus, it is recommended to check the certification store using SigCheck on all systems, especially on the OEM computers with the preinstalled OS and different Windows builds distributed via some popular torrent trackers.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
How to Configure a Slideshow Screensaver Using GPO
next post
Recovering Files from a RAW Partition using TestDisk

Related Reading

How to Use Ansible to Manage Windows Machines

September 25, 2023

Installing Language Pack in Windows 10/11 with PowerShell

September 15, 2023

How to View and Change BIOS (UEFI) Settings...

September 13, 2023

How to Create UEFI Bootable USB Drive to...

September 11, 2023

Redirect HTTP to HTTPS in IIS (Windows Server)

September 7, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • How to Use Ansible to Manage Windows Machines

    September 25, 2023
  • Installing Language Pack in Windows 10/11 with PowerShell

    September 15, 2023
  • Configure Email Forwarding for Mailbox on Exchange Server/Microsoft 365

    September 14, 2023
  • How to View and Change BIOS (UEFI) Settings with PowerShell

    September 13, 2023
  • How to Create UEFI Bootable USB Drive to Install Windows

    September 11, 2023
  • Redirect HTTP to HTTPS in IIS (Windows Server)

    September 7, 2023
  • Add an Additional Domain Controller to an Existing AD Domain

    September 6, 2023
  • How to Install an SSL Certificate on IIS (Windows Server)

    September 5, 2023
  • Managing Windows Firewall Rules with PowerShell

    August 31, 2023
  • Fixing ‘The Network Path Was Not Found’ 0x80070035 Error Code on Windows

    August 30, 2023

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • How to increase KMS current count (count is insufficient)
  • Unable to Connect Windows 10 Shared Printer to Windows XP
  • Error 0x80073CFA: Can’t Uninstall Apps using Remove-AppxPackage in Windows 10
  • Auto-Mount a VHD/VHDX File at Startup in Windows 10, 8.1
  • Limited Wi-Fi Access in Windows 10 and 8.1 – Troubleshooting
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top