Updating Root Certificates on Windows Server

You may encounter issues on Windows Server when surfing the web, SSL certificates appear to be invalid, even though your locale/region settings and date/time are correct.

In this scenario;

Generate a root certificate SST file (from a working computer **IMPORTANT**) using the following command

certutil.exe -generateSSTFromWU roots.sst

Transfer newly generated roots.sst file to affected computer/server and execute the following command

certutil -addstore -f root roots.sst

If the above command does not work, you can manually import the SST file using MMC, add Certificates (Computer Account) snap-in, navigate to Trusted Root Certification Authorities store and import the above SST file.