hi, the root CA could be added to the server bundle....but that wont help as the root CA needs to be known and trusted by the client. in this case, windows 7.
rather than supplying certs, it seems like microsoft is supplying them 'on demand' in some cases...to keep fresh versions around rather than having issues of stale ones that have been superceeded..... as other mail says, go to a web site signed by that CA and windows will then know about it.. .how? from what I recall, if you go to a site with unknown CA then windows will go to a CA repository site...i recall Microsoft-CryptoAPI being the agent and it collecting (or trying to collect said certs) .... hang on..ah yes, /msdownload/update/v3/static/trustedr/en/authrootstl.cab so....if unknown, it will try to get them from microsoft akamai place. so, CA not known by clien natively? get it installed - have some setup/bootstrap network SSID or manually get it on. alan _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
