On 26. 11. 2014 4:19, grarpamp wrote:
> On Tue, Nov 25, 2014 at 3:08 AM, Martin Rublik <martin.rublik@gmail.com> wrote:
>> This might help http://unmitigatedrisk.com/?p=259 also check
>
> That seems to reference old MS cert distribution models and cert data stores. And uses cloudflare captcha.

I'm sorry if I provided outdated information. Anyway I think that Microsoft still uses CTLs in order to update the trust store. For reference see for example
https://support.microsoft.com/kb/2677070
or
https://technet.microsoft.com/en-us/library/security/2982792.aspx

CTLs can be downloaded using any browser on these URLs:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disal...
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authr...

Unfortunately, the CTL does not contain the entire certificate, only its hash, but using the link provided you can download the certificates.

If you have a Windows machine with certutil you can parse and download the CTL with a simple PowerShell script:

certutil -dump .\authroot.stl | findstr "Identifier:" | ForEach-Object -Process {
    $caCertSKI=$_.split(":")[1].Replace(" ","")
    $caCertSKI
    Invoke-WebRequest "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/e..." -OutFile "$caCertSKI.crt"
}

Martin
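
A check that could follow the download loop in the message above, as an added example that is not part of the original post: since the CTL carries only each certificate's hash and the files are fetched over plain HTTP, it compares every downloaded file against the identifier it was requested under. It assumes the identifier is the SHA-1 hash of the .crt file; the function names, sample lines and stand-in files are constructed for illustration.

```powershell
# Added example, not from the original post.
# Assumption: each CTL identifier is the SHA-1 hash of the matching .crt file.

function Get-CtlIdentifier {
    param([string[]]$DumpLine)
    foreach ($line in $DumpLine) {
        # Accept the hex with or without spaces between bytes.
        if ($line -match 'Identifier:\s*([0-9a-f ]+?)\s*$') {
            ($Matches[1] -replace ' ', '').ToLowerInvariant()
        }
    }
}

function Test-CtlDownload {
    param([string]$Identifier, [string]$Path)
    if ($Identifier -notmatch '^[0-9a-f]{40}$') { return $false }   # not a SHA-1 value
    if (-not (Test-Path -LiteralPath $Path)) { return $false }      # download failed
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    return ($actual -eq $Identifier)                                 # -eq ignores case
}

# Constructed demo, no network: stand-in files play the role of downloaded .crt files.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null

$seed = Join-Path $dir 'seed.bin'
[IO.File]::WriteAllBytes($seed, [byte[]](0x30, 0x82, 0x01, 0x0A))
$goodId = (Get-FileHash -LiteralPath $seed -Algorithm SHA1).Hash.ToLowerInvariant()
Move-Item -LiteralPath $seed -Destination (Join-Path $dir "$goodId.crt")

# Second file: content does not hash to the identifier it was requested under.
$badId = '00112233445566778899aabbccddeeff00112233'
[IO.File]::WriteAllBytes((Join-Path $dir "$badId.crt"), [byte[]](0x30, 0x82, 0x01, 0x0B))

# Constructed lines in the shape the findstr filter above would pass on.
$dump = @(
    "Subject Identifier: $goodId",
    'Subject Identifier: 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
)

foreach ($id in (Get-CtlIdentifier -DumpLine $dump)) {
    $file = Join-Path $dir "$id.crt"
    if (Test-CtlDownload -Identifier $id -Path $file) {
        "OK       $id"
    } else {
        "MISMATCH $id (file discarded)"
        Remove-Item -LiteralPath $file -ErrorAction SilentlyContinue
    }
}
Remove-Item -LiteralPath $dir -Recurse -Force
```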