TrustCor root CA not in Windows 10

Question

Just saw a piece of news about potential issues with TrustCor root CA.

I don't see the TrustCor root CA in windows certificate manager.

I do see it in Firefox cert store.

Browsing to trustcor.com in Chrome under Windows 10 works fine showing a padlock icon.

Viewing the site's cert shows this at the root: TrustCor RootCert CA-2

AFAIK, Chrome uses Windows cert store but again that root CA doesn't seem to be there.

How's this site trusted by Chrome? Possible cross signing?

BTW, one should note that that CA is super dodgy https://twitter.com/matthew_d_green/status/1589985955725062144?t=gVLK7By0BeBy4I14eWyckg&s=19 — Bruno Rohée, Nov 09 '22 at 08:47

Bruno Rohée · Accepted Answer · 2022-12-02T10:03:24.907

1

TrustCor is one of them, no shenanigans here.

December 2022 edit : Trustcor was in fact very shady and is getting removed from some trust stores, possibly more later : https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/WJXUELicBQAJ

edited Dec 02 '22 at 10:03

answered Nov 08 '22 at 16:24

Bruno Rohée

Thanks. I see it now. Here's what happened in case others run into this. 100% sure it wasn't in the list when I pulled up Windows certificate manager. eventually I right clicked on "Trusted Root Certification Authorities" and selected Find and searched for "trustcor" and it found them. Now they appear in the list. Don't know if it was a cache issue or what. – rvh Nov 08 '22 at 16:54
rvh: non-ancient Windows _automatically adds_ root certs on Microsoft's trust list, see https://security.stackexchange.com/questions/46332/browsers-silently-adding-trusted-root-certificates-in-windows https://security.stackexchange.com/questions/108951/how-much-of-a-problem-is-it-that-windows-hides-some-of-the-trusted-root-ca-cer https://security.stackexchange.com/questions/81491/are-there-other-roots-of-trust-on-my-computer-aside-from-these-46-root-certifica – dave_thompson_085 Dec 03 '22 at 05:20

1 Answers1