Root certificate update not working

Hello, at some point my computer (Windows 7 Enterprise, joined to domain) lost the OIDs of EV certificates. The problem got fixed with custome import of certificates in the local Trusted Root Certification Authorities store. After digging into the problem, it turned out that upon unknown certificate met on the Web Windows does not activate the Root certificate update functionality - no certificate call is made (no events from CAPI2 in the Event viewer) and as a result Microsoft trusted certificates are not added automatically to the system.

My question is - which Group Policy setting to tweak, so that the Root certificate auto-update works?

I have checked the Resultant set of policy snap-in and I see no custom setting for Internet communications settings -> Turn off Automatic Root Certificates Update. In GPEdit it is set to Not configured.

But the local user has active Computer configuration -> Windows Settings -> Public Key Policies domain emposed settings applied.

Which of these might be the porblem? Is it something in Certificate Path Validation Setting? I have readhttp://technet.microsoft.com/en-us/library/cc731638.aspx but it is still not very clear.

In the Certificate path validation I have the following:

  • Stores tab - all recommended are checked, except for Root certificate stores whereOnly Enterprise Root CAs.
  • Network Retrieval - all options are on

It is worth noting that once added in the Local machine, anu trusted root certificate works just fine.

http://technet.microsoft.com/en-us/library/cc749331(WS.10).aspx was not of much use, too :(

 

Question Info


Last updated June 20, 2018 Views 2,217 Applies to:
Answer
Hi Kamka,
 
Your post would be more appropriate in TechNet forum as your computer is connected to a domain. Microsoft Answers handle consumer based issues. Please post your concerns at TechNet forum for professional support.
 

Regards,

Shinmila H - Microsoft Support

Visit our Microsoft Answers Feedback Forum and let us know what you think.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.