Update Root Certificates sends a request to the Windows Update Web site, asking for the current list of root certification authorities in the Microsoft Root Certificate Program.
Update Root Certificates is installed by default in Windows XP.
If the machines are not directly connected to Internet you can find the error on eventlog:
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Time: 9:55:56 AM
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
If you want to prevent the Update Root Certificates component in Windows XP from communicating automatically with the Microsoft Windows Update Web site, you can disable this component with Group Policy, or you can remove it, or you can set machine proxy.
To Disable the Update Root Certificates Component by Using Group Policy
- Click Computer Configuration, click Administrative Templates, click System, click Internet Communication Management, and then click Internet Communication settings.
- In the details pane, double-click Turn off Automatic Root Certificates Update, and then click Enabled.
To Remove the Update Root Certificates Component from an Individual Computer Running Windows XP
Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.
- Double-click Add or Remove Programs.
- Click Add/Remove Windows Components (on the left).
- Scroll down the list of components to Update Root Certificates, and make sure the check box for that component is cleared.
- Follow the instructions to complete the Windows Components Wizard.
To configure WinHTTP and “Update Root Certificates” by using Proxycfg.exe, follow these steps:
- To see the current proxy settings for WinHTTP, type proxycfg, and then press RETURN. By default, the current proxy setting should be “Proxy Direct.” In this scenario, type proxycfg -d, and then press RETURN to restore the default proxy settings for WinHTTP.
- To not use any proxy servers when connecting server-to-server, type proxycfg -d, and then press RETURN.
- To use a proxy server when connecting server-to-server, type proxycfg -p, type the proxy servers you want to use, and then press RETURN. Additionally, you can add optional bypass lists for servers that will not be accessed through a proxy. You can find acceptable proxy server formats or bypass formats in the the Proxycfg.exe utility ReadMe.txt file.
- To import proxy information from the settings that Internet Explorer uses to connect to the Internet, also known as the WinInet settings, and to include this proxy information in the WinHTTP settings, type proxycfg -u, and then press RETURN.
proxycfg -d -p my Proxy Server:80 ""