IE Reinstalling Root Certificates Automatically

This section provides a tutorial example showing IE reinstalls trusted root certificate automatically when it is needed to validate an HTTPS Web server certificate.

From the previous tutorial, we learned that there is second root CA certificate "VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)" that can be used to validate "login.yahoo.com". If I delete "VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)" also from IE, what will happen?

1. Run IE as administrator, and go to the "Trusted Root Certificate Authorities" certificate store.

2. Go through the list of root CA certificates, and locate "Class 3 Public Primary Certification Authority certificate. You will see 3 entries.

3. Export all 3 entries of "Class 3 Public Primary Certification Authority" certificates to local files.

4. Remove all 3 entries of "Class 3 Public Primary Certification Authority" certificates.

5. Close and run IE again. Go to https://login.yahoo.com and wait for the log in page to be displayed.

6. Click the lock icon at the end of the Web address field and click the "View certificates" link.

7. Click the "Certificate Path" tab. I am surprised to see that IE validated "login.yahoo.com" certificate with the same certificate path:

VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
 |- VeriSign Class 3 Public Primary Certification Authority - G5
     |- VeriSign Class 3 Secure Server CA - G3
        |- *.login.yahoo.com

8. Close the Certificate and go to the trusted root CA certificate area. I see that "Class 3 Public Primary Certification Authority" with a display name of "VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)" has been installed back in IE.

This tells me that IE automatically fetched the root CA certificate from the Internet and install it as trusted root CA when it is needed.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with Google Chrome

 Using HTTPS with Mozilla Firefox

 HTTPS with Microsoft Edge

 Using HTTPS with Apple Safari

HTTPS with IE (Internet Explorer)

 Visiting "https" Website with IE

 Viewing Server Certificate Details in IE

 Viewing Server Certificate Path in IE

 Installing Server Certificate Permanently in IE

 Viewing Certificates in Certificate Stores in IE

 Listing of Trusted Root CA in IE

 Exporting Certificate to File from IE

 Saving Server Certificate to File with IE

 Deleting Certificates from IE

 IE Supporting Multiple Certificate Paths

IE Reinstalling Root Certificates Automatically

 Windows Automatic Root Update Mechanism

 Android and Server Certificate

 iPhone and Server Certificate

 Windows Certificate Stores and Console

 RDP (Remote Desktop Protocol) and Server Certificate

 macOS Certificate Stores and Keychain Access

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Comodo Free Personal Certificate

 Digital Signature - Microsoft Word

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Archived Tutorials

 References

 Full Version in PDF/EPUB