I have a trusted third party's root certificate. I install this to the 'Trusted Root Certification Authorities' certificate store in Windows Server 2008, but it disappears from the certificate store at unknown times.
What could be causing this?
- The certificate has not expired
- It doesn't appear to have been revoked
- I can't see any relevant event logs around the times of incidents
- It happens on my dev machine, test environments and production servers
- The production servers are not on a domain, just a workgroup (hosted in Rackspace)
- Querying group policy (gpresult /h foo.html) doesn't report that I'm prevented from trusting 3rd party root CAs
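I'm using the following code in a C# command line app to install the cert:

    using System.Security.Cryptography.X509Certificates;

    // Load the third party's root certificate from disk
    X509Certificate2 certificate = new X509Certificate2("trusted-root-cert.cer");
    // StoreName.AuthRoot is the store for third-party certificate authorities
    X509Store store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadWrite);
    store.Add(certificate);
    store.Close();
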
The certificate installation code happens to run every time I release a change to my application. I don't see how this could do any harm but it's worth mentioning.
There might be something wrong about the way I'm installing the certificate. What is the preferred way of installing?
Best Answer
Doing more thorough digging in the Application event log, this entry occurred:
It turns out that 3rd party root CAs can be deleted by Windows if they are not recognised:
http://toastergremlin.com/?p=144
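
An added example, not part of the original question or answer: a small C# check that reports whether the certificate is currently present in the LocalMachine "Trusted Root Certification Authorities" store (StoreName.Root) or the third-party store (StoreName.AuthRoot, the one the question's code writes to). The class name and the exit-code convention are assumptions; run on a schedule, its timestamps can be matched against Application event log entries.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class RootStoreCheck   // hypothetical name, not from the original post
{
    // True if a certificate with this thumbprint is in the given LocalMachine store.
    static bool IsPresent(StoreName name, string thumbprint)
    {
        var store = new X509Store(name, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly: false, so the lookup does not depend on chain validation
            return store.Certificates
                        .Find(X509FindType.FindByThumbprint, thumbprint, false)
                        .Count > 0;
        }
        finally
        {
            store.Close();
        }
    }

    static int Main(string[] args)
    {
        // Default file name is the one used in the question.
        string path = args.Length > 0 ? args[0] : "trusted-root-cert.cer";
        string thumbprint = new X509Certificate2(path).Thumbprint;

        bool inRoot = IsPresent(StoreName.Root, thumbprint);
        bool inAuthRoot = IsPresent(StoreName.AuthRoot, thumbprint);

        // UTC timestamp so runs can be lined up with event log entries.
        Console.WriteLine("{0:u} thumbprint={1} Root={2} AuthRoot={3}",
            DateTime.UtcNow, thumbprint, inRoot, inAuthRoot);

        // Assumed convention: non-zero exit when the certificate is in neither
        // store, so a scheduled task or monitoring agent can raise an alert.
        return (inRoot || inAuthRoot) ? 0 : 1;
    }
}
```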