RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    5CEBC526B26FCAC178699379C0210D94839F2128: Adguard Personal CA

    92B46C76E13054E104F230517E6E504D43AB10B5: Symantec Enterprise Mobile Root for M

    Both can be added to whitelist, the first one is for AdGuard 6.x and the second is the one which comes with the latest Android SDK.

    Edit:
    The AdGuard certificate will be installed to Windows and, if enabled via the HTTPS scanning option, also in Firefox, to bypass the SSL warning.
     
    Last edited: Jan 29, 2016
  2. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
  3. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    92B46C76E13054E104F230517E6E504D43AB10B5: Symantec Enterprise Mobile Root:
    This is now officially part of the Microsoft CTL (since last week), so RCC no longer detects it.

    @focus @CHEFKOCH
    I'm not really in favor of hardcoding exceptions for these certificates into RCC, but the next release will support user-defined whitelisting.
     
  4. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    The CTLinfo tool reports 64 untrusted certs in my cert store o_O
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Thanks svenfaw, we all love you for your tool. If you would upload it as open source, e.g. on GitHub, I would donate something to you, and as said in the past it would be a bit easier for us to report/fix something. ;) :thumb:


    Da f*** :eek:,screenshot pls. :shifty:
     
  6. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I think I overreacted, I am guessing the 64 certs is a revocation list but screenshot incoming.
     

  7. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    It's normal, nothing to worry about it. :thumb:
     
  8. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Thanks.
     
  9. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Nice. I had to upgrade RCC to 1.60.269 to see this. Is this a beta or a regular release?
     
  10. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
  11. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    And SHA1 checksum for v1.65.003 should be: b97e2378a518d37d2aab2b4a655c0c62c54c4b6a

    This version adds basic support for whitelisted roots. Just create a text file named "whitelisted.txt" in the same directory as RCC, and add any certificates that you do not want to be notified about, in the same format as RCC uses. For instance:

    Code:
    5CEBC526B26FCAC178699379C0210D94839F2128: Adguard Personal CA
    
     
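The whitelist format described in the post above, as an added example that is not part of the original post and is not RCC's own code: it parses `thumbprint: name` lines and suppresses findings by thumbprint only. The function names, the case-insensitive matching and the third sample thumbprint are assumptions of this example.

```python
import re

# Line format shown in the post: "<40 hex SHA-1 thumbprint>: <display name>"
ENTRY = re.compile(r"^\s*([0-9A-Fa-f]{40})\s*:\s*(.*?)\s*$")

def parse_entries(text):
    """Return ({THUMBPRINT: name}, [(lineno, line)]) for good and malformed lines."""
    entries, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ENTRY.match(line)
        if m:
            entries[m.group(1).upper()] = m.group(2)  # normalise case (assumption)
        else:
            rejected.append((lineno, line.strip()))
    return entries, rejected

def unlisted(findings_text, whitelist_text):
    """Findings whose thumbprint is not whitelisted. The name is never compared:
    it is chosen by whoever issued the certificate, while the thumbprint is a
    hash of the certificate itself."""
    findings, _ = parse_entries(findings_text)
    allowed, rejected = parse_entries(whitelist_text)
    remaining = {tp: name for tp, name in findings.items() if tp not in allowed}
    return remaining, rejected

# Constructed sample data: the two thumbprints quoted in this thread plus a
# made-up third one that reuses the whitelisted display name.
WHITELIST = """\
5cebc526b26fcac178699379c0210d94839f2128: Adguard Personal CA
Adguard Personal CA
"""
FINDINGS = """\
5CEBC526B26FCAC178699379C0210D94839F2128: Adguard Personal CA
92B46C76E13054E104F230517E6E504D43AB10B5: Symantec Enterprise Mobile Root for M
00112233445566778899AABBCCDDEEFF00112233: Adguard Personal CA
"""

if __name__ == "__main__":
    remaining, rejected = unlisted(FINDINGS, WHITELIST)
    for tp, name in remaining.items():
        print(f"{tp}: {name}")
    for lineno, line in rejected:
        print(f"whitelisted.txt line {lineno} ignored (no thumbprint): {line}")
```

The made-up certificate that reuses the "Adguard Personal CA" name is still reported, and the name-only whitelist line is rejected rather than treated as a match.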
  12. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Those 64 certs are technically not in your store, but in the Microsoft so-called "Untrusted CTL", which is the same for every Windows machine and currently contains 64 entries, so your machine is OK. It would actually be suspicious if you had a different number.
    You can think of the Untrusted CTL as an official blacklist for high-profile compromised certs.
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
  14. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    This kind of false positive will be resolved once the site moves to a new (HTTPS) domain. I should be able to do that a few days from now.
     
  15. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,934
    Location:
    North of the 38th parallel.
    http://trax.x10.mx/dl_rcc.php?appname=RCC.exe = 403 + 404 error.

    Perhaps some site maintenance was scheduled...
     
  16. Macha

    Macha Registered Member

    Joined:
    Mar 8, 2016
    Posts:
    3
    Location:
    France
    Where is the certificate if I want to delete it?
     
  17. John Souvestre

    John Souvestre Registered Member

    Joined:
    Mar 22, 2016
    Posts:
    6
    Hi. I'm having an odd problem with RCC, Firefox, and some old Kaspersky certificates.

    I used to run Kaspersky but no longer do. Regardless, I didn't use their SSL trap and had already deleted their certs from the Microsoft and Firefox databases. But RCC tells me that they are still present in the Firefox database. That part of the display is:

    *** Scanning Mozilla Firefox root CA store...
    SSD1: Kaspersky Anti-Virus Personal Root Certificate (in cert8.db store)
    SSD2: Kaspersky Anti-Virus Personal Root Certificate (in cert8.db store)

    Here's the strange part: When I "View Certificates", "Authorities" in Firefox I can see dozens of certs, but nothing from Kaspersky. I have checked it very carefully, 3 times. So I am at a loss. I imagine that they must somehow be there (else how would RCC find them?) but Firefox doesn't display them.

    I did a quick scan and I have only the one cert8.db file on my disk.

    Any idea what is going on?

    Thanks!
     
  18. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Ohhh **** we get something to do now. :shifty::p

    Google / Mozilla's trusted/untrusted CA list is available over here.


    Via Register.
     
  19. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Definitely strange. Never heard of such a thing before...

    I might find out what's going on if you are OK to post your cert8.db file online somewhere so I can have a look.
    And of course you could just reinstall Firefox to ensure you have a clean cert8.db file.
     
  20. John Souvestre

    John Souvestre Registered Member

    Joined:
    Mar 22, 2016
    Posts:
    6
  21. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I think cert8 is related to AdGuard.
     
  22. John Souvestre

    John Souvestre Registered Member

    Joined:
    Mar 22, 2016
    Posts:
    6
    Perhaps so, but the one on my machine is in a Mozilla\Firefox subdirectory.
     
  23. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Which subdirectory?
     
  24. John Souvestre

    John Souvestre Registered Member

    Joined:
    Mar 22, 2016
    Posts:
    6
    C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\k71rsxvp.default-1411093505608\
     
  25. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    I have -
    C:\Users\Yash\AppData\Roaming\Mozilla\Firefox\Profiles\f5j36bko.default - In this folder there are folders & files. And cert8 96 KB file is there.
    I think cert8 is related to Adguard cert. And I think if you remove Adguard cert from Firefox options - advanced - certificates, then cert8 file will not be there in the above mentioned directory.
    I think Adguard cert is required to filter HTTPS/SSL or else you will get cert error prob on websites.
    You have Adguard installed, right?
     