Triggering automatically downloading a Microsoft Trusted Root Certificate from Windows Update using C++?

  • Thread starter: David Beleznay

I have a Windows application that talks to a server over HTTPS, but the root certificate is not in the Windows Certificates on a brand new installation of Windows. If a user has a brand new machine, and somehow manages to get my app installed without opening a web page, the app will fail to connect.


However, if they go to our website, Chrome, or Edge, or whichever browser, automatically downloads and installs the Trusted Root certificate from the Microsoft Trusted Root certificates list. I know I can fetch the list of trusted certificates using `certutil -generateSSTFromWU roots.sst` but that a) doesn't actually install the certs, and b) would require my program running another app.


Is there a way that I can trigger the same behaviour as Chrome or Edge from C++? Possibly giving the call the domain I want to look up, and it downloads the root authority? (Just in case I switch who is signing the certificate down the road, I don't want to have to re-compile the app.) If that's not possible, maybe I can specify the root cert to download from the trusted certificate list?


My certificate is signed by Go Daddy Secure Certificate Authority - G2, which is signed by Go Daddy Root Certificate Authority - G2, for one product; for another product it's signed by Amazon, which is signed by Starfield.


Updating List of Trusted Root Certificates in Windows 10 / 7 | Windows OS Hub

The Microsoft Root Certificate Program


You can also use certutil to grab all the trusted root certificates from the Win... | Hacker News
