Maybe a "DAMN-DOWNLOAD-THIS-PATCH-NOW-OR-YOUR-COMPUTER-DIES" sort of patch?

off the top of my head, that would be your browsers root certificates list.

it is independant of normal windows update, and even moz and opera will do it.

it is a good thing, because that way any certificates that have been revoked will show up. (ssl sites, java applets etc)

Thanks for the thoughts........

Guchi - no patches was offered or applied manually, so that doesn't compute.

Sasq - sounds plausible - so who decides to automatically update my certificates and based on what criteria? - anybody have any background dope for a "certified" illiterate?

That MS help site is about as useful as a crotchless jockstrap.

I *think* they update monthly or so, but I could be wrong (it might be weekly) I think it really depends on the browser.

Basically your downloading the 'public' key for the various certificate authorities (public) Cert.

When you go to a ssl web site, or download a java app etc, it presents its certificate as signed by an authority.

Basically the root public key of the root CA's you download decrypts the encoded message from the private key of the authority. if it says what it should, you browser is happy and you see lots of green ticks.

If something doesn't match - like dates or whatever your browser will warn you about a possible problem with the applications signed certificate.

The is also a mechanism for the root authority to 'cancel' certificates, i.e. a few years ago we had to fraudulent M$ certs escape. there was a revocation (sp?) list update and the fraudulent certs were canceld.

This is one of the reasons regular updates are good.

** ok for you rules and exact facts lawyers out there, yes i have fuzzed some points. Just trying to get the basics across

Cheers once again - thanks for the time and explanation - know you very busy - thats about as much as I need to know about the issue I think.

In IE:

Tools/Internet Options/Advanced tab/Security section/Check for server certificate revocation

That may be where the setting is activated. I'm not sure though...

Hi

In Add/Remove programs, Add/Remove Windows Components there is a component called "Update Root Certificates" which downloads and installs the latest certs.