OTish: expired root certificates

TheMSsForum.com: The Microsoft Software Forum

In yall's esteemed opinion(s) should I delete all the expired root
certificates from a) my IIS servers, and b) my users workstations?

I recently (this morning) had to update a verisign root certificate that
expired some time ago but went unused until now. In light of that
experience I'm thinking of zapping all expired certs with one
reservation - an expired certificate gives a warning and lets the user
continue, does the same occur for a missing certificate. I'm not really
interested in breaking anything more that it already is just for the
sake of being A/R.
Top

Re: OTish: expired root certificates by kpg

kpg
Thu Jul 10 14:51:23 CDT 2008

I see you all have strong opinions on this subject, so slow
down, one at a time, please.

Top

Re: OTish: expired root certificates by Consultant

Consultant
Tue Jul 15 10:09:18 CDT 2008

a missing certificate means no access
unless you change from https://yoururl
to
http://yoururl:443

"kpg" <no@spam.com> wrote in message
news:Xns9AD75B24D86AAipostthereforeiam@207.46.248.16...
> In yall's esteemed opinion(s) should I delete all the expired root
> certificates from a) my IIS servers, and b) my users workstations?
>
> I recently (this morning) had to update a verisign root certificate that
> expired some time ago but went unused until now. In light of that
> experience I'm thinking of zapping all expired certs with one
> reservation - an expired certificate gives a warning and lets the user
> continue, does the same occur for a missing certificate. I'm not really
> interested in breaking anything more that it already is just for the
> sake of being A/R.


Top

Re: OTish: expired root certificates by kpg

kpg
Tue Jul 15 14:36:42 CDT 2008

"Consultant" <consultant_mcngp@yahoo.com> wrote in news:#E42Bzo5IHA.4776
@TK2MSFTNGP05.phx.gbl:

> a missing certificate means no access
> unless you change from https://yoururl
> to
> http://yoururl:443

I am a little surprised that actually works.

kp "disillusioned." g
Top

Re: OTish: expired root certificates by Consultant

Consultant
Wed Jul 16 16:14:10 CDT 2008

well, it is not encrypted, it is merely passing the unencrypted traffic over
port 443

"kpg" <no@spam.com> wrote in message
news:Xns9ADC94AF14AD4ipostthereforeiam@207.46.248.16...
> "Consultant" <consultant_mcngp@yahoo.com> wrote in news:#E42Bzo5IHA.4776
> @TK2MSFTNGP05.phx.gbl:
>
>> a missing certificate means no access
>> unless you change from https://yoururl
>> to
>> http://yoururl:443
>
> I am a little surprised that actually works.
>
> kp "disillusioned." g


Top

Re: OTish: expired root certificates by kpg

kpg
Thu Jul 17 11:01:32 CDT 2008

"Consultant" <consultant_mcngp@yahoo.com> wrote in
news:OJHxkj45IHA.3696@TK2MSFTNGP04.phx.gbl:

> well, it is not encrypted, it is merely passing the unencrypted
> traffic over port 443

well, yes..i see that. So it's a way to defeat the encryption.


How interesting. I need to teach this one to all my users.


Top

Re: OTish: expired root certificates by Consultant

Consultant
Fri Jul 18 15:31:21 CDT 2008

just be careful, not good practice if you need the encryption


"kpg" <no@spam.com> wrote in message
news:Xns9ADE702AAD06Fipostthereforeiam@207.46.248.16...
> "Consultant" <consultant_mcngp@yahoo.com> wrote in
> news:OJHxkj45IHA.3696@TK2MSFTNGP04.phx.gbl:
>
>> well, it is not encrypted, it is merely passing the unencrypted
>> traffic over port 443
>
> well, yes..i see that. So it's a way to defeat the encryption.
>
>
> How interesting. I need to teach this one to all my users.
>
>


Top