Changes in Mar 2nd 2013 Version

  1. Added to Proxy32 new certificate checking options that were added by Microsoft to Certificate Chains Verification Functions on Win7 and Win8. Those options are related to ability to replace CURRENT USER and LOCAL COMPUTER level of trust by APPLICATION level of trust when using Windows-supplied Certificate Chains Verification Functions.
    1. On Win7 there is a new option to replace system root certificate store by the user-supplied certificate store when building Certificate Chains Verification Engine.
    2. On Win8 there is a new option to enable trust to any CA (not necessarily root CA) when it is installed into user-supplied replacement of the system root certificate store.
    3. On Win7 there is a new option to replace system TrustedPeople certificate store by the user-supplied certificate store when building Certificate Chains Verification Engine.

    Those new options are added as check marks on the Page “TLS Server Trusted Store” of the Options Dialog. - "Replace system ROOT store by Server PFX-Store (Win7+). Before Win7: Copy CAs to sysroot" - "Intermediate CAs in the replaced ROOT are trusted without checking their root CAs (Win8)" - "Replace system TRUSTED PEOPLE store by Server PFX-Store (Win7+)".

    Note: Option "Replace system ROOT store by Server PFX-Store (Win7+). Before Win7: Copy CAs to sysroot" is the new name for the check mark “To be trusted System Root Certificate should also be installed into Server Trusted PFX store”. On Win7 and Win8 this option replaces Windows system ROOT store by user-supplied PFX-Store for the purpose of checking TLS Client certificate in Proxy32 TLS Server. On WinVista and WinXP this option works differently: - On WinVista and WinXP system root store is not replaced but restricted. That means that trusted root certificates should also be installed into regular system root store, not only into user-supplied replacement of the system root store. - On WinVista and WinXP user-supplied replacement of the system root store should not contain any non-root certificates, otherwise user will receive error message when certificate checking is performed.

"TLS Set Server Trusted Store" Options Dialog Page

"TLS Set Server Trusted Store" Options Dialog Page

  1. Added option not to add BASIC_CONSTRAINTS2 extension to root CA certificate that is created by Proxy32 CA on the Page "Create Root CA Certificate" in Proxy32 Options Dialog. This options is for testing only, not for production certificates, so, this extension is added by default.
"TLS Create ROOT Certificate" and place it into the store - Options Dialog Page

"TLS Create ROOT Certificate" and place it into the store - Options Dialog Page

  1. Updated following pages:

TLS Client Certificate

TLS Certificates Validation

Options Dialog

TLS Configuration Guide: Step-by-step