[RADIATOR] Thawte Intermediate Certificates and Windows 7

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Feb 28 12:12:10 CST 2011


hi,

the root CA could be added to the server bundle....but that wont help
as the root CA needs to be known and trusted by the client. in this case, windows 7.

rather than supplying certs, it seems like microsoft is supplying them 'on demand'
in some cases...to keep fresh versions around rather than having issues of stale ones
that have been superceeded..... as other mail says, go to a web site signed by that
CA and windows will then know about it.. .how?  from what I recall, if you go to
a site with unknown CA then windows will go to a CA repository site...i recall Microsoft-CryptoAPI
being the agent and it collecting (or trying to collect said certs) .... hang on..ah yes,
/msdownload/update/v3/static/trustedr/en/authrootstl.cab

so....if unknown, it will try to get them from microsoft akamai place.  

so, CA not known by clien natively? get it installed - have some setup/bootstrap network SSID
or manually get it on.


alan


More information about the radiator mailing list