Windows 2000/XP root CA certificates updater
Go to file
~lucidiot b5635ca0fc Update README 2022-11-12 22:49:02 +01:00
CertBoatSetup Create installer 2022-11-12 22:37:00 +01:00
Lucidiot.CertBoat Create installer 2022-11-12 22:37:00 +01:00
vendor Vendor in the task scheduler library 2022-11-12 16:20:33 +01:00
.gitignore Initial commit 2022-11-05 02:26:29 +01:00
LICENSE Initial commit 2022-11-05 02:26:29 +01:00
Lucidiot.CertBoat.sln Initial commit 2022-11-05 02:26:29 +01:00 Update README 2022-11-12 22:49:02 +01:00


ToeCracker said that "update" sounded like "u-boat", and I remembered that certbot is a thing, so here comes CertBoat.

CertBoat connects to the modern Windows Update endpoints to retrieve Certificate Trust Lists for both root certification authorities and revoked certificates and update the local certificate stores. It allows Windows 2000 and XP systems to still receive certificate updates, and thus avoid yet another source of obsolescence.


  1. Make sure you have .NET Framework version 2.0 or later installed.
  2. Download the latest .msi installer from the releases page.
  3. Run the installer and follow its instructions.


CertBoat has been installed as a scheduled task through its .msi installer, and you no longer have to care about it. If you still want to manually update, you can do so by running Lucidiot.CertBoat.exe at the nearest command prompt, or you can manually execute the CertBoat scheduled task from the Scheduled Tasks folder. Run Lucidiot.CertBoat.exe /help to learn more about the available options.


A few settings can be configured using an XML file located next to the executable, for example at C:\Program Files\lucidiot\CertBoat\Lucidiot.CertBoat.exe.config:

The User-Agent header sent in HTTP requests to the certificate trust list download URLs. {0} will be replaced by the version number of the program. By default, CertBoat/{0} will be used, which results in CertBoat/1.0.0 for the initial release.
A list of whatever amount of URIs you want pointing to .cab archive files. Each file must contain only one file, a certificate trust list in .stl extension. HTTP should be preferred as HTTPS might not work if the local machine's root certificates are very badly out of date.
Name of the system certificate store that CertBoat will store the certificate trust lists into. This defaults to trust, which appears to be where Windows Update used to put the CTLs when it still managed the updates. You can find a list of existing system stores in the Registry, under HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\. Each key inside of that key is a separate store, and you can also specify a non-existing name to create a new store.

If you wish to reset to the default settings, just delete the .config file. It will be recreated on the next execution of CertBoat.


Translations of this tool are welcome! Copy and paste the Lucidiot.CertBoat/Strings.resx and Strings.Designer.cs files and append a language code to it, for example and for a German translation, then edit to update all the <value> tags to translated values. The <comment> tags should help you understand in which context each string is used to make better translations.

If you have Visual Studio installed, you can copy and paste Strings.resx and add the language code from within the Project Explorer panel, then open the GUI editor to get a cleaner overview of the translations to create.