Chrome 40 Shares Windows PKI with IE
This section describes how Chrome, Internet Explorer (IE) and Windows are sharing PKI functionalities together in storing and managing root CA certificates and server certificates.
By reading the warning message when deleting a trusted root CA certificate,
we can probably guess that Chrome 40 is sharing the Windows system built-in PKI functionalities,
in the same way as Internet Explorer (IE).
So we can assume the following based on what we learned from IE tutorials:
- Chrome, IE and Windows are sharing the same certificate stores.
- Adding and deleting certificates in Chrome, IE or Windows will impact each other.
- Chrome, IE and Windows are smart to get different certificate path to validate a server certificate
which root CA certificate is available.
- Chrome, IE and Windows are smart to automatically download root CA certificates from a Microsoft server as needed.
This is function is called Update Root Certificates, which is turned by default on Windows systems.
I don't really like this feature, because there is no way for me to decide which root CA to trust.
Microsoft makes the decision for you all the time.
Last update: 2015.
Table of Contents
About This Book
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with IE (Internet Explorer) 10
►Using HTTPS with Chrome 40
Visiting "https" Web Site with Chrome 40
Viewing Server Certificate in Chrome 40
Viewing Server Certificate Path in Chrome 40
Exporting Server Certificate to File in Chrome 40
Viewing Trusted Root CA Certificates in Chrome 40
Listing of Trusted Root CA in Chrome 40
Exporting Root Certificate to File from Chrome 40
Deleting Root CA Certificates from Chrome 40
►Chrome 40 Shares Windows PKI with IE
Using HTTPS with Firefox 35
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Certificate Stores and Certificate Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
PKI CA Administration - Issuing Certificates
Digital Signature - Microsoft Word 2007
Digital Signature - OpenOffice.org 3
S/MIME and Email Security
PKI (Public Key Infrastructure) Terminology
PDF Printing Version