Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows 10 / How to Check Trusted Root Certification Authorities for Suspicious Certs

August 31, 2017 Windows 10Windows 7

How to Check Trusted Root Certification Authorities for Suspicious Certs

Windows users need to pay more attention to certificates installed on their computers. Recent incidents with Lenovo Superfish, Dell eDellRoot and Comodo PrivDog certificates evidence that users have to be both attentive when they install new applications and aware what software and certificates are preinstalled in the system by the manufacturer. Fake or specially generated certificates help hackers to perform MiTM (man-in-the-middle) attacks, capture your traffic (including HTTPS), allow malicious software or scripts to run, etc.

As a rule, these certificates are installed in the Trusted Root Certification Authorities store. Let’s see how you can check the store for the third-party certificates.

In general, the Trusted Root Certification Authorities store should contain only trusted certificates verified and published by Microsoft under Microsoft Trusted Root Certificate Program. To check the certificate store for third-party certificates, use Sigcheck (a tool from Sysinternals).

  1. Download Sigcheck from Microsoft website (https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx)
  2. Unpack Sigcheck.zip to any folder (e. g., C:\install\sigcheck\)
  3. Start the command prompt and go to the directory where the tool is located: cd C:\install\sigcheck\
  4. Run sigcheck.exe –tv or sigcheck64.exe –tv (for 64-bit Windows versions) in the command prompt
  5. At the first run, sigcheck prompts to accept license termssigcheck64 accept license agreement
  6. Then the tool downloads authrootstl.cab archive containing the list of MS root certificates in Certification Trust List format from Microsoft website and saves it to its own directory.

    Tip. If there is no direct Internet connection on your computer, you can download authrootstl.cab yourself following this link http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab and manually place it to the directory containing SigCheck
  7. The tool will compare the list of certificates installed on your computer with the list of MSFT root certificates in authrootstl.cab. If there are third-party certificates in the list of root certificates on your computer, SigCheck will display them. In our case, there is one certificate with the name test1 (it is a self-signed certificate created using New-SelfSignedCertificate cmdlet that I have created to sign the code of a PowerShell script)sigcheck: list cert not rooted in Microsoft Certificate Trust List
  8. Each found third-party certificate must be analyzed to evaluate if it should be on the list of trusted certificates. It is also recommended to find out what application has installed and uses it.

    Tip. If the computer is a part of a domain, it is likely that list of “third-party” certs will contain the root certificates  of internal certification authority (CA) and other certificates integrated into the system image or distributed using GPO .
  9. To delete a certificate from the list of trusted certificates, start the certificate management console (msc), expand Trusted Root Certification Authorities -> Certificates and delete the certificates found by SigCheck utilitydelete certificate from trusted root certification authorities

Thus, it is recommended to check the certification store using SigCheck on all systems, especially on the OEM computers with the preinstalled OS and different Windows builds distributed via some popular torrent trackers.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
VMware vSphere 6.5 Licensing Guide
next post
Fix: Windows Cannot Connect to the Printer Error 0x00000057

Related Reading

How to Run Program without Admin Privileges and...

March 24, 2023

Configure Network Settings on Windows with PowerShell: IP...

March 24, 2023

Attaching Host USB Devices to WSL or Hyper-V...

March 20, 2023

Print Screen Key Not Working in Windows

March 17, 2023

Send-MailMessage: Sending E-mails with PowerShell

March 14, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • How to Run Program without Admin Privileges and Bypass UAC Prompt?

    March 24, 2023
  • Configure Network Settings on Windows with PowerShell: IP Address, DNS, Default Gateway, Static Routes

    March 24, 2023
  • Exchange Offline Address Book Not Updating in Outlook

    March 21, 2023
  • Attaching Host USB Devices to WSL or Hyper-V VM

    March 20, 2023
  • Sending an E-mail to a Microsoft Teams Channel

    March 17, 2023
  • How to Restore Deleted Users in Azure AD (Microsoft 365)?

    March 16, 2023
  • Fix: Remote Desktop Services Is Currently Busy

    March 15, 2023
  • Send-MailMessage: Sending E-mails with PowerShell

    March 14, 2023
  • Clear Cache and Temp Files in User Profiles on Windows (RDS) with PowerShell and GPO

    March 13, 2023
  • Prevent Users from Creating New Groups in Microsoft 365 (Teams/Outlook)

    March 6, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • How to increase KMS current count (count is insufficient)
  • Unable to Connect Windows 10 Shared Printer to Windows XP
  • Using the BitLocker Repair Tool to Recover Data on Encrypted Drive
  • Error 0x80073CFA: Can’t Uninstall Apps using Remove-AppxPackage in Windows 10
  • Auto-Mount a VHD/VHDX File at Startup in Windows 10, 8.1
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top