General Certificate Authority Question

I have very tight firewall rules on my WIN XP SP3 installation.

Over the last few months, I have seen occasional outbound requests from Win Explorer from TCP ports in the range of 1024 - 1040 to port 80 to various certificate issuers like Verisgn for a certificate.

I have never seen certificate requests using Win Explorer like this previously. Is this normal behavior?

[Edit] Most of these are not related to a software installation. For example yesterday right after a boot, I saw a connection attempt to Verisgn from Win Explorer for both crl.thawte.com and cs-g2-crl.thwate.com.

Wow! No Answers/comments yet?

According to TechNet and Microsoft: Certificate Support and the Update Root Certificates Component | Microsoft Learn , certifcate updates are supposed to be occuring via Win Updates. If this is still applicable(the article is dated 2003), then this would be a svchost.exe outbound TCP port 80/443 thing I would assume?

So why are certificate requests/updates being initiated by Windows Explorer? And in a http: non-secure manner to boot?

As far as my previous "I saw a connection attempt to Verisgn from Win Explorer for both crl.thawte.com and cs-g2-crl.thwate.com. ", This appears to be an update request for the SpywareBlaster certificate which Thwate services. That certificate is due to expire on 5/20.