There can be intermediate CAs between the root CA, and the actual issuing CA. 
You'd need all the certs in between so as to be able to chain the cert back to 
its root CA's cert.

Cheers
Ken

From: [email protected] [mailto:[email protected]] On 
Behalf Of Greg Keogh
Sent: Wednesday, 15 September 2010 8:01 AM
To: 'ozDotNet'
Subject: [OT] Root certificates

Folks, after rebuilding my Win7 dev machine recently I forgot to reinstall my 
personal security certificates. I've got two (listed below) that I imported in 
certmgr, I can see they have private keys and look valid, but their 
certification path is empty.

I thought that Win7 would be modern enough to have the path roots supplied with 
the OS, so looking in certmgr I can see a dozen Verisign and Thawte trusted 
roots in different stores, but they don't seem to validate my cert paths.

I downloaded a zip file of root certificates 
HERE<https://www.verisign.com/support/roots.zip> but there but you get 10 cer 
files and get clue about which one to use or which store to put it in. I ran 
one experimental import but it did nothing. Rather than waste hours of time and 
possibly damaging my store I thought I'd ask in here if anyone can cut through 
the crap and tell me the easiest of getting my personal certs working again. 
I'll keep web searching in the meantime.

Cheers,
Greg

Verisign Class 1 Indivisual Subscriber CA- G2
Secure Email, Client Authentication

Thawte Code Signing CA
Code Signing, 1.3.6.1.4.1.311.2.1.22

Reply via email to