5

I work for a company that uses Windows 7 for end user computing. The Windows 7 computers are updated via a WSUS installation, and access to Microsoft Update is blocked.

We have a problem with a number of websites, who's certificates appears to be invalid, though they are perfectly ok. The problem is, that Windows 7 apparently does an on-demand update of root certificates through Windows Update, rather than rolling out a monthly update, as with Windows XP.

Now that Windows Update is blocked, how should root certificates be updated? It appears that WSUS is not handling this feature.

Thanks in advance.

hstr
  • 183
  • 1
  • 1
  • 6

2 Answers2

2

Try to manually update the root certificates.

http://support.microsoft.com/kb/931125

CrumpledMemories
  • 658
  • 3
  • 8
  • But the manual update only relates to Windows XP. – hstr Oct 28 '12 at 08:07
  • Nope; a quick google on "manually updating windows 7 root certificates" tell me otherwise. – CrumpledMemories Oct 29 '12 at 01:44
  • I am looking for something that can be implemented on a large scale, automatically. It should also be officially supported by Microsoft. I think most of what comes up in the search are merely hacks. – hstr Oct 29 '12 at 20:20
  • This approach can be scripted and added to login script. With WSUS being blocked at your site, your options are reduced to scripted solutions. Bear in mind that MS root certificates are supported, no matter how they're installed. Scripting this doesn't constitute a hack. – Lizz Mar 21 '13 at 04:45
0

In my case for Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601 Helped this console commands

Certutil -syncWithWU C:\cert
cd C:\cert
for %f in (*.cer, *.crt) do certutil -addstore -f "Root" "%f"

restart PC

Ruslan Novikov
  • 156
  • 5