Chrome 40 Shares Windows PKI with IE

PKI Tutorials - Herong's Tutorial Examples - Version 2.04, by Dr. Herong Yang

PKI Tutorials - Herong's Tutorial Examples

∟Chrome 40 Shares Windows PKI with IE

This section describes how Chrome, Internet Explorer (IE) and Windows are sharing PKI functionalities together in storing and managing root CA certificates and server certificates.

By reading the warning message when deleting a trusted root CA certificate, we can probably guess that Chrome 40 is sharing the Windows system built-in PKI functionalities, in the same way as Internet Explorer (IE).

So we can assume the following based on what we learned from IE tutorials:

Chrome, IE and Windows are sharing the same certificate stores.
Adding and deleting certificates in Chrome, IE or Windows will impact each other.
Chrome, IE and Windows are smart to get different certificate path to validate a server certificate which root CA certificate is available.
Chrome, IE and Windows are smart to automatically download root CA certificates from a Microsoft server as needed. This is function is called Update Root Certificates, which is turned by default on Windows systems. I don't really like this feature, because there is no way for me to decide which root CA to trust. Microsoft makes the decision for you all the time.

Last update: 2015.

Table of Contents

About This Book

Introduction of PKI (Public Key Infrastructure)

Introduction of HTTPS (Hypertext Transfer Protocol Secure)

Using HTTPS with IE (Internet Explorer) 10

►Using HTTPS with Chrome 40

Visiting "https" Web Site with Chrome 40

Viewing Server Certificate in Chrome 40

Viewing Server Certificate Path in Chrome 40

Exporting Server Certificate to File in Chrome 40

Viewing Trusted Root CA Certificates in Chrome 40