I'm not a domain owner rather I'm having issues accessing domens because of this new certificate.
I know this because I have Win 7 and about 4 days ago I started having problems not only with my Opera browser but with Steam and GoG as well. Mozilla works just fine but this is not an option for me since Steam and GoG. Steam also sometimes says in ingame browser that the issue is in SSL certificate. In addition, literally everyone around me on older systems is having the very same issue. So yeah, I'm pretty sure I need to update it.
The problem here is that:
I'm on Windows 7.
I don't trust Microsoft updates since they definitely broke my video card drivers in the past. .NET framework 4.5.3 managed to break some things recently too. .NET framework 4.7.1 (or something) and Visual Studio won't even install.
In addition I've managed to solve driver problem "the manual way" and I tend to trust it.
I'm not switching to Windows 10 because of that for a multitude of reasons.
I know that what I'm asking for is possible I'm just really stupid and I think that people here should know for sure.
The guy here:
Was able to export cetificate from one system to another, but again I'm too stupid to perform that. I have access to Windows 10 system from my friend's computer.
So I guess my questions would be:
What are the certificate files in Win 10 and Win 7? What are the ways of importing and exporting them?
What are the locations of those certificate files? My "C:...\AppData\Roaming\Microsoft\SystemCertificates" is empty and I know for sure this is not the only place to look for.
Are there any other less extreme methods to do that? Like "Certificate updater in particular"? (NOT windows update) Internet article seem to be writing about Win 10 which does not work for me - I tried.
Firstly, thanks a lot! Despite me being very suspicious about windows updates it helped. And so far nothing broke.
Still, just in case things will break in the future or MS will pull another plug out, can you, please, elaborate on other questions? Specifically the locations of these certificates as files and ways the guy in linked post moved them.
For Windows 7 (without outdated trust store) you should urgently replace the machine operating system with Windows 10 or higher. If this is not possible, manually install by browsing to http://x1.i.lencr.org/ in order to download the .cer file for ISRG Root X1, open file, click "Install Certificate..", Choose default option "automatically select..", Next, Finish. The ISRG Root X1 certificate will now be visible using certmgr.msc under Trusted Root Certification Authorities. Reboot machine.
The problem is that your machine does not trust Let's Encrypt's root certificate. That URL is a non-HTTP-required link to download that root certificate. Installing it puts it into your Trusted Root certificate store on Windows 7 which should fix the majority of your problems. If you want to verify whether you already have it or not, run the following PowerShell command:
Look, the guy above helped allready. I know that the issue was that I didn't have proper certificates. I have them now. I appreciate your attempts and I hope it'll help someone in the future. I'm sure it will.
My question is how do I "export" those certificates and "import" them. At least onto the same machine!
I'm asking this not because I'm crasily paranoid or something. I need it for backup. Win 7 is not supported anymore and things might still break. So just in case I'll need alternatives. I'm not rying to hack someone or anything.
Run reg export HKLM\SOFTWARE\Microsoft\SystemCertificates\Authroot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 %USERPROFILE%\Desktop\ISRG-Root-X1.reg /y
Or if you want to export all root certificates run reg export HKLM\SOFTWARE\Microsoft\SystemCertificates\Authroot\Certificates %USERPROFILE%\Desktop\AllRoots.reg /y
