Windows Vista, Windows 7
Root certificates on Windows Vista and later are distributed via the automatic root update mechanism – that is, per root certificate. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks Microsoft Update for the root certificate. If it finds it, it downloads the current Certificate Trust List (CTL) containing the list of all trusted root certificates in the Program, and verifies that the root certificate is listed there; it then downloads the specified root certificate to the system and installs it in the Windows Trusted Root Certification Authorities Store. If the root certificate is not found, the certificate chain is not completed, and the system returns an error. To the user, a successful root update is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically. In addition, Windows Vista and later client SKUs support weekly pre-fetching from Microsoft Update to check for updated root certificate properties (for example, extended validation (EV), code signing or server authentication properties, which are certificate properties added to a root certificate).
For detailed technical information about how Windows updates root certificates in Windows Vista and in later versions, visit the following website:
(Du musst Dich Einloggen oder Registrieren um Multimediadateien oder Links zu sehen).Windows XP
Windows XP does not fully support the automatic root update mechanism: when a root certificate is already present on a user’s system, it will not be updated even if the copy of the root certificate available on Microsoft Update has changed. Windows XP also does not support the weekly pre-fetching of certificate properties from Microsoft Update feature, and the only way to install new root certificate properties on Windows XP is by installing the root update package.
It is recommended that users running Windows XP download and install the root update package to update their root certificates. Root certificates are delivered for Windows XP via Microsoft Update as an optional root update package – an executable that contains every root certificate that is distributed by the Windows Root Certificate Program. Windows XP users can opt to download the package each time it is updated and presented by Microsoft Update, or they can opt to download the root update packages automatically when they are updated. The optional root update package is updated approximately 3-4 times per year, or every quarter.
For additional technical information about how Windows updates root certificates in Windows XP SP2 and SP3, visit the following Web site:
(Du musst Dich Einloggen oder Registrieren um Multimediadateien oder Links zu sehen). Du sagst bei dier fehlen dann die Zertifikate im Speicher.
Was passiert denn, wenn du auf eine öffentliche verschlüsselte Webseite gehst die nicht im Speicher ist?