How does the Windows 10 CTL update mechanism work ? RRS feed

  • Question

  • Hi,

    On all windows version lower as Windows 10, the Trusted Root and Intermediate certificates were updated using Windows Update. It seems very hard to find out how Windows 10 gets its updates.

    Can anyone reveil how this is done ?



    Monday, May 29, 2017 9:12 AM

All replies

  • Hi Rene,

    Windows 10 also access the Windows Update site by using the automatic update mechanism to update CTL.

    If the computers in your network are configured in a domain environment and they are unable to use the automatic update mechanism or download CTLs, you could implement a GPO in AD DS to configure those computers to obtain the CTL updates from an alternate location.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, May 30, 2017 1:49 AM
  • Hi Karen,

    So if i'm right, the public Root CA certificates like Digicert, are still updated in the 'Trusted Root Authorities' store using Windows Update mechanism in Windows 10, right ?

    The only information we have about the CTL updates is that it is seperated from Windows Updates since Windows 10.

    What i could find about this, is that as soon as you request a webpage that relies on a certain root certificate that is not already in the Trusted Root Authorities Store, a process gets the Root certificate from somewhere. This only happens on Windows 10/2016.
    • Edited by René P Tuesday, May 30, 2017 11:35 AM
    Tuesday, May 30, 2017 7:05 AM