Windows 10: Root CA certificate automatically added to local machine without internet connection

On a fresh installed Windows 10 in virtual environment, that is disconnected from the internet by disabling the virtual network adapter, new root CA certificate is automatically added to the local machine trusted root certificate authorities after viewing the digital signature of a PE file properties --> digital signatures --> choose one of the signatures and press "details".

Could you explain how Windows is obtaining the new root CA certificate when the machine is offline? As I understand, it should not be possible to obtain the new root CA certificate as connection to Windows Update Web site is unavailable and PE file typically does not embed the root CA certificate.


The question i am asking is similar to this https://answers.microsoft.com/en-us/windows/forum/windows_10-security-winpc/root-certificate-authority-automatically-added/b25e07e6-ea1d-4181-98de-e4bc2e1677b3 . However, the older thread is does not have a conclusive answer and is locked from further discussion. Hence, I am re-posting the question. Any help will be much appreciated.

:)

 

root certificate authority automatically added without internet connection

Windows adds root certificate authority - why and how?

• After a fresh installation of Windows 10 or Windows 2012 while the devices is not connected to the internet, the system comes with a few basic root certificate authorities. (See image 1)
• After copying over the installation file for Wireshark (a network sniffer), viewing the file's digital signature details (properties --> digital signatures --> choose one of the signatures and press "details"). (see image 2)
• The certificate is automatically added to the trusted root certificate authorities. (see image 3)

This is an example of an instance of this behavior. I've seen several more files with different certificates that Windows treats this way.

I am aware that starting Windows Vista, Microsoft Windows doesn't contain all of the trusted root certificates in order to improve performance but is it actually so? Are the hashes of these certificates stored somewhere in the registry? If so, what if they
are revoked?

I would love to understand this more so if anyone can explain or refer me to documentation that can explain this behavior it will be greatly appreciated.

Thank you,



Images

Image 1 - Windows 10 Certificates after clean install (notice - 14 root certificates)





Image 2 - View Digital Signature Details





Image 3 - Root certificate authorities after viewing the file's digital signature (notice - 15 root certificates)

 

Root Certificate Program updates on mobile?

what version of Windows Mobile or Windows Phone supports automatic update of root certification authorities according to the Root Certificate Program members?

If 6.5 does not support it, is anywhere a list of preinstalled root CAs?

if 7.0 does not support it, is anywhere a list of preinstalled root CAs?

thanks. ondrej.

 

AddTrust External CA Root certificate

Hi!



I am having the following problem: my employer is using an new security certificate for WiFi (AddTrust External CA Root certificate). I was wondering whether somebody can tell me how to install this new certificate on my N97 mini. I have
the AddTrustExternalCARoot.crt file, but how to install on my device?



Any suggestions are welcome, many thanx in advance!



best, John