Educause Security Discussion mailing list archives
Re: Thawte root change to 2048 bit cert and intermediate CA
From: "David A. Greenberg" <dgreenbe () IU EDU>
Date: Wed, 26 May 2010 07:58:12 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
If they're changing their root cert and adding an intermediate cert, won't all browsers and clients have to have those certs added to their stores for SSL certs signed by them to be trusted? I don't see a 2048 bit Thawte cert in the latest patched version of Internet Explorer.
This list of current (as of Nov. 2009) root certs is available as a PDF in http://support.microsoft.com/kb/931125 . I do see a 2048 bit cert listed in the PDF. But most Vista+ and XP with the root certificate updates enabled should get anything added by Microsoft automatically. http://technet.microsoft.com/en-us/library/cc751157.aspx Assuming Thawte has been working with Microsoft, Vista+ and IE will work automatically. "Root certificates are updated on Windows Vista automatically. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks the appropriate Microsoft Update location for the root certificate. If it finds it, it downloads it to the system. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes." David Greenberg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.0.0 Charset: us-ascii wj8DBQFL/QzWv9fiDogoQQIRAsAwAKDI1v6KL+5Fskg449G+bH+8EdEW6wCgxIzH +PBJGOZ9b8BAVOoYmHH4FAk= =9beQ -----END PGP SIGNATURE-----
Current thread:
- Thawte root change to 2048 bit cert and intermediate CA Flynn, Gary (May 25)
- <Possible follow-ups>
- Re: Thawte root change to 2048 bit cert and intermediate CA Jason Testart (May 25)
- Re: Thawte root change to 2048 bit cert and intermediate CA David A. Greenberg (May 26)
- Re: Thawte root change to 2048 bit cert and intermediate CA Russell Fulton (May 26)