Hi all.
The number of websites unusable with XP is increasing, due to the "invalid certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to continue. What may be the risk of continuing?
GF
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid >certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to >continue. What may be the risk of continuing?
Try MyPal browser.
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Download the certificates from
https://letsencrypt.org/certificates/
"Shadow" <Sh@dow.br> ha scritto nel messaggio >news:99pelg5hhh0o2h4pghmb7qb93glcilgvo9@4ax.com...
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Download the certificates from
https://letsencrypt.org/certificates/
I get "Invalid certificate" :-)
I'm at the end of my rope. :-)
GF
On Fri, 1 Oct 2021 22:36:22 +0200, "G.F." <nospam@grazie.it> wrote:
"Shadow" <Sh@dow.br> ha scritto nel messaggio >>news:99pelg5hhh0o2h4pghmb7qb93glcilgvo9@4ax.com...
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Download the certificates from
https://letsencrypt.org/certificates/
I get "Invalid certificate" :-)
I'm at the end of my rope. :-)
GF
LOL. Allow an "Exception"(assuming Firefox). Then you can open
the certs page. Double clicking on the "*.der" download link will
install the
to the browser. Close the browser, open it and--
you should be good to go.
As I said, you'll have to right-click and save them if you
want to install to your XP cache.
HTH
[]'s
"Shadow" <Sh@dow.br> ha scritto nel messaggio news:99pelg5hhh0o2h4pghmb7qb93glcilgvo9@4ax.com...
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Download the certificates from
https://letsencrypt.org/certificates/
I get "Invalid certificate" :-)
I'm at the end of my rope. :-)
GF
On 10/1/2021 4:36 PM, G.F. wrote:
"Shadow" <Sh@dow.br> ha scritto nel messaggio
news:99pelg5hhh0o2h4pghmb7qb93glcilgvo9@4ax.com...
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Download the certificates from
https://letsencrypt.org/certificates/
I get "Invalid certificate" :-)
I'm at the end of my rope. :-)
GF
This is to give you some idea how hard it will be to
bootstrap. Apparently Firefox has its own certificate store.
But (of course), a modern Firefox, like a Firefox 91 won't
run on Windows XP.
I picked this post, the one at the end right now, to
show there are "hand tools" that are not browsers.
https://borncity.com/win/2021/09/30/sept-30-2021-will-we-see-trouble-with-old-lets-encrypt-certificates/
"Ubuntu 16.04 doesnt recognizes at all.
Tried to update the /etc/ssl/certs/ca-certificates.crt but no effect.
The only thing that made it work was to update openssl package and
then update curl pointing to the new openssl (all done by compiling method)
to get the curl to work.
wget still not working as its as pre-compiled with old openssl…
Still wondering if it has something to do with this topic or just a coincidence."
What we'd need then, is a curl which is updated today, and
available on an http (not https) site.
https://curl.se/download.html # Yeah, I know, https
curl version: 7.79.1
Build: 7.79.1
Date: 2021-09-22 # Not today...
https://curl.se/windows/dl-7.79.1/curl-7.79.1-win32-mingw.zip <=== advertised as...
http://curl.se/windows/dl-7.79.1/curl-7.79.1-win32-mingw.zip <=== seems to work...
WGET would be the better tool, because the description reads as this,
but as far as I know, it doesn't have internal certificates.
"wget is a fantastic tool for downloading content and files. It can download files,
web pages, and directories. It contains intelligent routines to traverse links in
web pages and recursively download content across an entire website. It is
unsurpassed as a command-line download manager."
Now CURL is supposed to have certificates, as part of pulling stuff
into its library.
"curl satisfies an altogether different need. Yes, it can retrieve files, but it
cannot recursively navigate a website looking for content to retrieve."
This usage of CURL is silly. Don't do this. The problem would be,
with binary or ISOs or the like. You want something that won't screw up,
if doing big downloads.
cd /d C:\Downloads\CurlDir # Point at the dir with the EXE in it
curl https://www.bbc.com > bbc.html
Whereas this one, puts content into a file. The log should still
be dumped into Command Prompt.
curl -o bbc.html https://www.bbc.com
My WinXP computer broke two days ago (would freeze in memtest).
All the hardware is pulled from the computer case, the case is
just sitting near my shoulder, EMPTY!!! No hardwares. Can't test
diddly now. I'm running off Win7 at the moment, haven't moved
my email over, the usual mess.
Now, we need any emergency OS with Firefox in it, on the
assumption it has certificates. I picked the Lite version,
for lower RAM consumption.
https://mirror.clarkson.edu/zorinos/isos/15/Zorin-OS-15.3-Lite-32-bit.iso
curl -o zorin153x86.iso https://mirror.clarkson.edu/zorinos/isos/15/Zorin-OS-15.3-Lite-32-bit.iso
That's around 2GB, so should work in FAT32 for storage, and you
can burn a DVD of that for boot purposes.
I tested in a VM, and that will boot on 512MB, but you can't
start Firefox unless the computer has about 1GB of RAM for "comfort".
Running a LiveDVD, RAM is used for scratch file space, which is
why these things jam up so easily.
I can put that on a USB stick. I used rufus.ie to do a USB stick,
and it offered me a 26GB casper-rw persistent partition. This is
on a 32GB USB stick. This is an EXT partition and not just a loopback
mount as might be more normal (lots of persistent sticks have
just 4GB of storage on a bitmap file sitting on a FAT32 partition,
which is why they have the 4GB limit). This happens to be a Ubuntu at
the moment, and I can see a file stamping the stick as being
made by Rufus.
--- /dev/sde
Block device, size 29.22 GiB (31376707072 bytes)
DOS/MBR partition map
Partition 1: 3.221 GiB (3458359296 bytes, 6754608 sectors from 2048, bootable)
Type 0x0C (Win95 FAT32 (LBA))
SYSLINUX boot loader
FAT32 file system (hints score 4 of 5)
Volume size 3.217 GiB (3454156800 bytes, 210825 clusters of 16 KiB)
Partition 2: 26.00 GiB (27917277696 bytes, 54525933 sectors from 6756656)
Type 0x83 (Linux)
Ext3 file system
Volume name "casper-rw"
UUID 69FD8B2A-C16A-8B42-9C60-6DDC9C4FE0E9 (DCE, v8)
Last mounted at "/"
Volume size 26.00 GiB (27917275136 bytes, 6815741 blocks of 4 KiB)
The USB would be useful, if you've done these before, and your
machine has a USB boot capability. Otherwise, it's a DVD thing.
A DVD won't work on my first PC (1.1GHz Tualatin), and there
I need a CD instead (the BIOS does not grok DVD type as a hardware).
This might not work due to github web code. But if it does, you can
play with using a USB stick instead of a DVD blank.
curl.exe -o rufus315.exe https://github.com/pbatard/rufus/releases/download/v3.15/rufus-3.15p.exe
Once you're booted into Zorin Live Lite, you can follow Shadows suggestions >and look at various web sites for certificate downloads.
I don't know how far you'll get, but that's an idea of
how I'd try to escape the Houdini box you're in.
Paul
On Fri, 1 Oct 2021 21:53:50 -0400, Paul <nospam@needed.invalid> wrote:
On 10/1/2021 4:36 PM, G.F. wrote:
"Shadow" <Sh@dow.br> ha scritto nel messaggio
news:99pelg5hhh0o2h4pghmb7qb93glcilgvo9@4ax.com...
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Download the certificates from
https://letsencrypt.org/certificates/
I get "Invalid certificate" :-)
I'm at the end of my rope. :-)
GF
This is to give you some idea how hard it will be to
bootstrap. Apparently Firefox has its own certificate store.
But (of course), a modern Firefox, like a Firefox 91 won't
run on Windows XP.
I picked this post, the one at the end right now, to
show there are "hand tools" that are not browsers.
https://borncity.com/win/2021/09/30/sept-30-2021-will-we-see-trouble-with-old-lets-encrypt-certificates/
"Ubuntu 16.04 doesnt recognizes at all.
Tried to update the /etc/ssl/certs/ca-certificates.crt but no effect. >>
The only thing that made it work was to update openssl package and
then update curl pointing to the new openssl (all done by compiling method)
to get the curl to work.
wget still not working as its as pre-compiled with old openssl…
Still wondering if it has something to do with this topic or just a coincidence."
What we'd need then, is a curl which is updated today, and
available on an http (not https) site.
https://curl.se/download.html # Yeah, I know, https
curl version: 7.79.1
Build: 7.79.1
Date: 2021-09-22 # Not today...
https://curl.se/windows/dl-7.79.1/curl-7.79.1-win32-mingw.zip <=== advertised as...
http://curl.se/windows/dl-7.79.1/curl-7.79.1-win32-mingw.zip <=== seems to work...
WGET would be the better tool, because the description reads as this,
but as far as I know, it doesn't have internal certificates.
"wget is a fantastic tool for downloading content and files. It can download files,
web pages, and directories. It contains intelligent routines to traverse links in
web pages and recursively download content across an entire website. It is
unsurpassed as a command-line download manager."
Now CURL is supposed to have certificates, as part of pulling stuff
into its library.
"curl satisfies an altogether different need. Yes, it can retrieve files, but it
cannot recursively navigate a website looking for content to retrieve." >>
This usage of CURL is silly. Don't do this. The problem would be,
with binary or ISOs or the like. You want something that won't screw up,
if doing big downloads.
cd /d C:\Downloads\CurlDir # Point at the dir with the EXE in it
curl https://www.bbc.com > bbc.html
Whereas this one, puts content into a file. The log should still
be dumped into Command Prompt.
curl -o bbc.html https://www.bbc.com
My WinXP computer broke two days ago (would freeze in memtest).
All the hardware is pulled from the computer case, the case is
just sitting near my shoulder, EMPTY!!! No hardwares. Can't test
diddly now. I'm running off Win7 at the moment, haven't moved
my email over, the usual mess.
Now, we need any emergency OS with Firefox in it, on the
assumption it has certificates. I picked the Lite version,
for lower RAM consumption.
https://mirror.clarkson.edu/zorinos/isos/15/Zorin-OS-15.3-Lite-32-bit.iso
curl -o zorin153x86.iso https://mirror.clarkson.edu/zorinos/isos/15/Zorin-OS-15.3-Lite-32-bit.iso
That's around 2GB, so should work in FAT32 for storage, and you
can burn a DVD of that for boot purposes.
I tested in a VM, and that will boot on 512MB, but you can't
start Firefox unless the computer has about 1GB of RAM for "comfort".
Running a LiveDVD, RAM is used for scratch file space, which is
why these things jam up so easily.
I can put that on a USB stick. I used rufus.ie to do a USB stick,
and it offered me a 26GB casper-rw persistent partition. This is
on a 32GB USB stick. This is an EXT partition and not just a loopback
mount as might be more normal (lots of persistent sticks have
just 4GB of storage on a bitmap file sitting on a FAT32 partition,
which is why they have the 4GB limit). This happens to be a Ubuntu at
the moment, and I can see a file stamping the stick as being
made by Rufus.
--- /dev/sde
Block device, size 29.22 GiB (31376707072 bytes)
DOS/MBR partition map
Partition 1: 3.221 GiB (3458359296 bytes, 6754608 sectors from 2048, bootable)
Type 0x0C (Win95 FAT32 (LBA))
SYSLINUX boot loader
FAT32 file system (hints score 4 of 5)
Volume size 3.217 GiB (3454156800 bytes, 210825 clusters of 16 KiB)
Partition 2: 26.00 GiB (27917277696 bytes, 54525933 sectors from 6756656)
Type 0x83 (Linux)
Ext3 file system
Volume name "casper-rw"
UUID 69FD8B2A-C16A-8B42-9C60-6DDC9C4FE0E9 (DCE, v8)
Last mounted at "/"
Volume size 26.00 GiB (27917275136 bytes, 6815741 blocks of 4 KiB)
The USB would be useful, if you've done these before, and your
machine has a USB boot capability. Otherwise, it's a DVD thing.
A DVD won't work on my first PC (1.1GHz Tualatin), and there
I need a CD instead (the BIOS does not grok DVD type as a hardware).
This might not work due to github web code. But if it does, you can
play with using a USB stick instead of a DVD blank.
curl.exe -o rufus315.exe https://github.com/pbatard/rufus/releases/download/v3.15/rufus-3.15p.exe
Once you're booted into Zorin Live Lite, you can follow Shadows suggestions >> and look at various web sites for certificate downloads.
I don't know how far you'll get, but that's an idea of
how I'd try to escape the Houdini box you're in.
Paul
I understand what you did, but it's a bit of an overkill for a
XP-only user.
I just loaded the page(Palemoon - same dialogs as an old
Firefox), got the invalid certificate warning, chose the "exception"
(or whatever it's called)
"Are you sure, you are playing with fire, you naughty person"
I clicked "I LIKE playing with fire"
The page opened, I downloaded the certs (pem, der AND txt -
wasn't sure which ones I needed), then manually installed them both to
XP and the browser.
https://postimg.cc/QVbV07cG
(yes, you need the certs to access Postimg)
Of course, once they were working I checked the fingerprints
at
https://www.grc.com/fingerprints.htm
(that uses a Digicert certificate)
When you allow an exception, for all practical purposes you
are using http ..... which can be tampered with. Best to be sure you
got valid certs.
My wget is v1.19.4, it's the last version that works with XP
and apparently it uses the XP store of certs. It's working fine now.
Incredible how many of my favorite sites broke because of the
Let's Encrypt fsckup. Didn't realize how popular it was.
PS I removed ALL references to Let'sEncrypt in my cert store
before installing the new ones. Didn't want any conflicts.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid >certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to >continue. What may be the risk of continuing?
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid >> certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to
continue. What may be the risk of continuing?
In Firefox I get "This site is untrusted", aznd in most cases I can
override it.
But in Maxthon I get this:
Avast has blocked access to https://share.social9.co/ because one of
the issuers of the server certificate has expired.
What is causing it, and can anything be done about it?
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid >>certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to >>continue. What may be the risk of continuing?
In Firefox I get "This site is untrusted", aznd in most cases I can
override it.
But in Maxthon I get this:
Avast has blocked access to https://share.social9.co/ because one of
the issuers of the server certificate has expired.
What is causing it, and can anything be done about it?--
On 10/6/2021 6:59 AM, Steve Hayes wrote:
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid >>> certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to
continue. What may be the risk of continuing?
In Firefox I get "This site is untrusted", aznd in most cases I can
override it.
But in Maxthon I get this:
Avast has blocked access to https://share.social9.co/ because one of
the issuers of the server certificate has expired.
What is causing it, and can anything be done about it?
Is the spelling of this
share.social9.co
correct, or is something missing ?
Paul
On Wed, 6 Oct 2021 08:21:47 -0400, Paul wrote:
On 10/6/2021 6:59 AM, Steve Hayes wrote:
On Fri, 1 Oct 2021 16:02:46 +0200, "G.F." <nospam@grazie.it> wrote:
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid >>>> certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to >>>> continue. What may be the risk of continuing?
In Firefox I get "This site is untrusted", aznd in most cases I can
override it.
But in Maxthon I get this:
Avast has blocked access to https://share.social9.co/ because one of
the issuers of the server certificate has expired.
What is causing it, and can anything be done about it?
Is the spelling of this
share.social9.co
correct, or is something missing ?
Paul
I think it's `.com`. Not `.co`. Cause I don't think Colombia domains are >popular enough.
There doesn't seem to be a problem with its certificate when accessed from >XP.
https://www.ssllabs.com/ssltest/analyze.html?d=share.social9.com
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid certificate".
1) is there an easy way to install other certificates on XP?.
2) even if the certificate is invalid, the browser offers the option to continue. What may be the risk of continuing?
On 2021-10-1 22:02, G.F. wrote:
Hi all.
The number of websites unusable with XP is increasing, due to the "invalid >> certificate".
1) is there an easy way to install other certificates on XP?.
Yes, XP can still update to the most recent OS|IE certificates. Try the tool at:
https://msfn.org/board/topic/175170-root-certificates-and-revoked-certificates-for-windows-xp/page/3/
On 2021-10-1 22:02, G.F. wrote:
Hi all.
The number of websites unusable with XP is increasing, due to the
"invalid certificate".
1) is there an easy way to install other certificates on XP?.
Yes, XP can still update to the most recent OS|IE certificates. Try
the tool at: https://msfn.org/board/topic/175170-root-certificates-and-revoked-cert ificates-for-windows-xp/page/3/
And use a more recent browser: https://rtfreesoft.blogspot.com/search/label/serpent
2) even if the certificate is invalid, the browser offers the option
to continue. What may be the risk of continuing?
There's possibility of man-in-the-middle attack, trying to steal
something from you. No risk if you do not provide personal
information or install anything.
On 03:40 10 Oct 2021, Lu Wei said:
On 2021-10-1 22:02, G.F. wrote:
Hi all.
The number of websites unusable with XP is increasing, due to the
"invalid certificate".
1) is there an easy way to install other certificates on XP?.
Yes, XP can still update to the most recent OS|IE certificates. Try
the tool at:
https://msfn.org/board/topic/175170-root-certificates-and-revoked-cert
ificates-for-windows-xp/page/3/
Interesting old thread. Is all everything required to be done written on
that page (page three)? I don't have the stamina to go through 38 pages!
And use a more recent browser:
https://rtfreesoft.blogspot.com/search/label/serpent
I find MyPal (v.29) runs a bit slowly but is more compatible with sites
than Firefox v.52. Is Serpent better?
2) even if the certificate is invalid, the browser offers the option
to continue. What may be the risk of continuing?
There's possibility of man-in-the-middle attack, trying to steal
something from you. No risk if you do not provide personal
information or install anything.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 294 |
Nodes: | 16 (2 / 14) |
Uptime: | 245:46:42 |
Calls: | 6,626 |
Calls today: | 2 |
Files: | 12,175 |
Messages: | 5,320,569 |