Solved Certificates store is broken?

Status
Not open for further replies.

tamiwara

PCHF Member
Jul 16, 2024
Hi, yesterday I was browsing certlm and found many old/untrusted certificates. Most of them were successfully removed, but some were back after an hour or so. Event Viewer told me that they were updated (CAPI2 event 4097/4109), but they were still the same, expired ones. I tried to solve it with deepai, but sadly didn't find a solution. I noticed 2 more things though: certutil won't open (well, for less than 1 sec, then it immediately closes), and in "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\" there's no certsvc, only something like certpropsvc... Can someone tell me if my PC is totally broken? I used factory settings 2 months ago and I don't think I could have done that myself. The certs that are coming back are in both the "Trusted Root Certification Authorities" folder and "Trusted Root Certification Authorities of other company" (well, I don't know what it's called in English, but it's similar to the first one, just "of another company"), and the names are in <image1>. The other two are in the folder "windows live id token issuer" and are shown in <image2>.

The thing is, the ones in image1 are just outdated, so I wanted to remove them. Those in image2... I have no idea where they even come from, but they are untrusted because they are not in the root cert store (or something like that), so I wanted to remove them, but they came back too.

Can someone help me with this please?

image1.jpg
image2.jpg
 
This might be a case of 'ignorance is bliss'.
Some things we are simply not supposed to delve into - certmgr is one.
Windows looks after this for you, it's a bit like the Registry, usually best to leave well alone, and fiddling with it can do more harm than help.

Was there a reason you wanted to open this particular can of worms? :)
Is the PC still running OK?

The reason deleted certs keep coming back is the program that needs them is detecting one is missing and getting it again.
 
Thank you for the answer ;) I know it's better not to toy with certs, especially those from the root store, but aren't expired ones a security risk? And isn't it bad that a program wants to use expired certs?
 
While no expert, I believe only SSL type certificates are a security vulnerability if expired.
A program should renew expired ones as they expire, if the program doesn't, it mustn't need to be updated or it has lazy programmers.
Windows even comes with expired certs from a fresh install (at least it used to) so it was backward compatible with old drivers.

Worst case, if you remove a cert that is needed, the program will either get another or it'll pop up an appropriate message.
 
But aren't those I listed SSL certs? They have "Server Authentication" in their properties (almost all of them). I don't really know much (or even anything at all) about certs, I just read somewhere that keeping expired certs isn't a good idea ^ Btw, one more thing I noticed: in Event Viewer > app logs there are all these CAPI2 logs about restoring the expired certs I removed, but they show up for all the certs from picture 1, while for the ones in the second image there's no mention at all. There's no info about bringing back those "token signing public key" certs in any of the logs (security/system/application), so I have no idea how they even reappeared.
 
While no expert, I believe only SSL type certificates are a security vulnerability if expired
That is my understanding.
Therefore, once a certificate expires you can safely remove it from the CA database. The one exception to this is if you have Key Archival configured on the CA. If you are archiving private keys, you may not want to remove expired CA certificates from the CA database.
no need to poke that bear.
I agree.
You will end up with either a can of worms or going down a rabbit hole or worse BOTH.
 
Sadly certutil doesn't work, it starts for less than 1 sec and then closes, and the link you posted needs certutil working to solve my problem. So should I just leave those expired certs alone?
 
Absolutely.
I think that was the consensus we were striving for - "if it ain't broke, don't fix it!" :)

I opened certlm (computer certificates) and the first section I opened had 9 expired entries.
Opened certmgr (user certificates) and found 11 expired ones in the first group I looked at.
 
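A read-only way to check what the thread describes, as an added example that is not part of any post above: it lists expired certificates in the two machine root stores and shows whether a CAPI2 event (IDs 4097/4109, as quoted in the first post) mentions each one. It assumes the thread's two root folders are the LocalMachine `Root` and `AuthRoot` stores, that the CAPI2 events are in the Application log under the provider `Microsoft-Windows-CAPI2`, and that the event message text contains the certificate's SHA-1 thumbprint.

```powershell
# Added example: inventory only, nothing is deleted or modified.
# Assumed mapping of the folders named in the thread:
#   Root     = "Trusted Root Certification Authorities"
#   AuthRoot = "Third-Party Root Certification Authorities"
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot'
$now    = Get-Date

# OID for the "Server Authentication" EKU; the friendly name is localized,
# the OID is not, so match on the OID.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'

$expired = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.NotAfter -lt $now } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = ($store -split '\\')[-1]
                Subject    = $_.Subject
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
                ServerAuth = [bool]($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
            }
        }
}

# CAPI2 events with the IDs quoted in the thread (assumed log and provider).
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CAPI2'
    Id           = 4097, 4109
} -ErrorAction SilentlyContinue

# For each expired certificate, find the newest event whose message mentions
# its thumbprint (assumption: the thumbprint appears in the message text).
$expired | ForEach-Object {
    $tp  = $_.Thumbprint
    $hit = $events |
        Where-Object { ($_.Message -replace '\s', '') -match $tp } |
        Select-Object -First 1
    $_ | Add-Member -NotePropertyName LastCapi2Event `
                    -NotePropertyValue $hit.TimeCreated -PassThru
} | Sort-Object Store, NotAfter | Format-Table -AutoSize
```

An empty `LastCapi2Event` column means no matching event was found for that certificate, which is the situation described for the certificates in the second image.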