)
Update root and disallowed certificates on Windows. No system settings are changed, and Windows Update is not required.
The PowerShell and CMD versions are now deprecated due to compatibility and dependency issues on some systems. The recommended method going forward is the standalone EXE.
- Updates trusted and disallowed root certificates
- Does not require Windows Update
- Does not alter any Windows settings
- Works on Windows XP through 11
- No installation required
The EXE version is the easiest and most compatible method.
Download the latest version (ZIP)
ZIP Password: password (used to avoid false positives from antivirus software)
| Version | Supported OS | Notes |
|---|---|---|
RootCertificateUpdater.exe |
Windows XP – 11 | Recommended method |
UpdateRootCertificates.ps1 |
Windows 7 – 11 | Deprecated; requires PowerShell 5.1+ |
UpdateRootCertificates.cmd |
Windows XP – 8 | Deprecated; requires updroots.exe |
These options are still available for legacy use but are no longer maintained.
⚠️ Deprecated. Use the EXE version instead.
Still available on PowerShell Gallery.
Install-Script UpdateRootCertificates -Force
UpdateRootCertificates -CheckForUpdate| Command | Description |
|---|---|
UpdateRootCertificates |
Normal execution |
-Force |
Skips wait time before running |
-Verbose |
Shows detailed log output |
-CheckForUpdate |
Checks for a newer version |
-UpdateSelf |
Updates the script from Gallery |
-Version |
Shows current script version |
-Help |
Shows usage info |
⚠️ Deprecated. Use only on Windows XP–8 whereupdroots.exeis available.
- Opens certificate download links in browser
- Requires manual interaction
- Supports cert removal (
updroots -d)