Windows 2000/XP root CA certificates updater

Go to file

~lucidiot b5635ca0fc Update README		2022-11-12 22:49:02 +01:00
CertBoatSetup	Create installer	2022-11-12 22:37:00 +01:00
Lucidiot.CertBoat	Create installer	2022-11-12 22:37:00 +01:00
vendor	Vendor in the task scheduler library	2022-11-12 16:20:33 +01:00
.gitignore	Initial commit	2022-11-05 02:26:29 +01:00
LICENSE	Initial commit	2022-11-05 02:26:29 +01:00
Lucidiot.CertBoat.sln	Initial commit	2022-11-05 02:26:29 +01:00
README.md	Update README	2022-11-12 22:49:02 +01:00

README.md

CertBoat

ToeCracker said that "update" sounded like "u-boat", and I remembered that certbot is a thing, so here comes CertBoat.

CertBoat connects to the modern Windows Update endpoints to retrieve Certificate Trust Lists for both root certification authorities and revoked certificates and update the local certificate stores. It allows Windows 2000 and XP systems to still receive certificate updates, and thus avoid yet another source of obsolescence.

Installation

Make sure you have .NET Framework version 2.0 or later installed.
Download the latest .msi installer from the releases page.
Run the installer and follow its instructions.

Usage

CertBoat has been installed as a scheduled task through its .msi installer, and you no longer have to care about it. If you still want to manually update, you can do so by running Lucidiot.CertBoat.exe at the nearest command prompt, or you can manually execute the CertBoat scheduled task from the Scheduled Tasks folder. Run Lucidiot.CertBoat.exe /help to learn more about the available options.

Configuration

A few settings can be configured using an XML file located next to the executable, for example at C:\Program Files\lucidiot\CertBoat\Lucidiot.CertBoat.exe.config:

UserAgent: The User-Agent header sent in HTTP requests to the certificate trust list download URLs. {0} will be replaced by the version number of the program. By default, CertBoat/{0} will be used, which results in CertBoat/1.0.0 for the initial release.
CabinetUris: A list of whatever amount of URIs you want pointing to .cab archive files. Each file must contain only one file, a certificate trust list in .stl extension. HTTP should be preferred as HTTPS might not work if the local machine's root certificates are very badly out of date.
SystemStoreName: Name of the system certificate store that CertBoat will store the certificate trust lists into. This defaults to trust, which appears to be where Windows Update used to put the CTLs when it still managed the updates. You can find a list of existing system stores in the Registry, under HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\. Each key inside of that key is a separate store, and you can also specify a non-existing name to create a new store.

If you wish to reset to the default settings, just delete the .config file. It will be recreated on the next execution of CertBoat.

Translations

Translations of this tool are welcome! Copy and paste the Lucidiot.CertBoat/Strings.resx and Strings.Designer.cs files and append a language code to it, for example Strings.de.resx and Strings.de.Designer.cs for a German translation, then edit Strings.de.resx to update all the <value> tags to translated values. The <comment> tags should help you understand in which context each string is used to make better translations.

If you have Visual Studio installed, you can copy and paste Strings.resx and add the language code from within the Project Explorer panel, then open the GUI editor to get a cleaner overview of the translations to create.