https://github.com/asheroto/updaterootcertificates
Downloads and installs updated root and disallowed certificates on Windows. No settings are changed. Windows Update not required.
https://github.com/asheroto/updaterootcertificates
application certificate certificates disallowed-certificates powershell root root-certificates script tool update windows
Last synced: 6 months ago
JSON representation
Downloads and installs updated root and disallowed certificates on Windows. No settings are changed. Windows Update not required.
- Host: GitHub
- URL: https://github.com/asheroto/updaterootcertificates
- Owner: asheroto
- Created: 2021-01-07T09:42:05.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2025-03-31T22:30:35.000Z (6 months ago)
- Last Synced: 2025-04-05T14:42:10.101Z (6 months ago)
- Topics: application, certificate, certificates, disallowed-certificates, powershell, root, root-certificates, script, tool, update, windows
- Language: Visual Basic .NET
- Homepage: https://www.powershellgallery.com/packages/UpdateRootCertificates
- Size: 783 KB
- Stars: 69
- Watchers: 4
- Forks: 10
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
[](https://github.com/asheroto/Root-Certificate-Updater/releases)
[](https://github.com/asheroto/Root-Certificate-Updater/releases)
[](https://github.com/asheroto/Root-Certificate-Updater/releases)
[](https://github.com/sponsors/asheroto?frequency=one-time&sponsor=asheroto)
)
# UpdateRootCertificates (Root Certificate Updater)
> [!NOTE]
> The EXE (GUI) version has been deprecated and replaced by the PowerShell script version, which is now the only actively supported method. The EXE remains available in the repository for historical reference but is no longer maintained. The repository `Root-Certificate-Updater` has been renamed to `UpdateRootCertificates` to match the name of the script.
Update root certificates (and disallowed certificates) on Windows.
This script downloads and installs the latest `.sst` files from Microsoft containing trusted and disallowed root certificates.
**No changes are made to any system settings**, and **Windows Update is NOT required** for this to work.
## Running the script
You can either:
- Download the [latest code-signed release](https://github.com/asheroto/Root-Certificate-Updater/releases/latest/download/UpdateRootCertificates.ps1) of the script
**OR**
- Install it from PowerShell Gallery using:
```powershell
Install-Script UpdateRootCertificates -Force
```
Published here: [PowerShell Gallery – UpdateRootCertificates](https://www.powershellgallery.com/packages/UpdateRootCertificates)
---
## Usage
| Command | Description |
| ---------------------------------------- | ---------------------------------------------------------------- |
| `UpdateRootCertificates` | Normal execution |
| `UpdateRootCertificates -Force` | Skips the 10-second wait before running |
| `UpdateRootCertificates -Verbose` | Shows detailed output during certificate installation |
| `UpdateRootCertificates -CheckForUpdate` | Checks for the latest version of the script |
| `UpdateRootCertificates -UpdateSelf` | Updates the script to the latest version from PowerShell Gallery |
| `UpdateRootCertificates -Version` | Displays the current script version |
| `UpdateRootCertificates -Help` | Displays full help documentation |
---
## Other Notes
- The PowerShell version downloads `.sst` files directly (e.g., `authroots.sst`, `updroots.sst`, `roots.sst`, `disallowedcert.sst`) from Microsoft’s root certificate update service.
- Files are installed using `certutil`
- All `.sst` files are removed after installation unless the process fails.
- The CMD and EXE-based versions have been replaced entirely by this PowerShell-based solution.