The UpdCaCert application looks for an updated version of the InetDBase:CertData file; if it finds one, it downloads it in place of the old one and keeps the old one as a backup.

The curl application is used to handle the secure communication.

The InetDBase:CertData file is a collection of certificates used by secure communication software to verify that a web site is legitimate. Examples are AcornSSL and applications that use it, FTPc, AntiSpam, NewsHound, and curl. From time to time, certificates expire or are invalidated, so InetDBase:CertData must be kept reasonably up to date. I suggest checking once a week. UpdCaCert only downloads a file if it is newer, so as not to place an unnecessary burden on the server.

UpdCaCert is known to run on RISC OS 4, 5 and 6, on native hardware and under emulation. It should run on versions as early as 3.5, but this has not been tested. There is no point in running it on anything earlier than 3.5 as nothing that uses the InetDBase:CertData file can run on those versions.


The UpdCaCert application is released under the GNU General Pulic Licence (GPL) version 2.

You will also need

You will also need a recent version of the curl application. The word "application" is significant - older versions of curl were a single executable; they will not work with UpdCaCert. What you need is one with an application directory named "!curl". See the next paragraph.


Copy the !UpdCaCert application to a suitable place, e.g. the Apps folder.

Ensure that curl is installed and has been seen by the filer. If you haven't got it already, you can get it from here.


Double-click the UpdCaCert application. Its icon appears on the icon bar and a progress window opens. The machine single-tasks for a few seconds while curl loads and the fetch takes place, after which a results window opens to report how it has gone. If the result is success, the InetDBase:CertData file has been installed, either because it is newer than the previous one, or because there wasn't an existing one.

If an existing CertData file has been replaced by a newer one, the older one is renamed as CertData_bak.

If InetDBase:CertData was already up to date, UpdCaCert reports this and leaves the file and the backup untouched.

This thing doesn't run itself, you know

This application should be run something like once a week, to make sure that InetDBase:CertData is kept up to date. However, it is up to the user to run it. I suggest two possible methods:

• Use Alarm or a similar application, or your mobile phone, to set yourself a repeating reminder to run UpdCaCert.

• Use Alarm to set a repeating Task Alarm to run UpdCaCert directly. The small downside is that UpdCaCert single-tasks for a few seconds, and it just might happen to be at an inconvenient moment.


No change to the configuration should be necessary. There are only four configurable items, all of which reside in the !Run file; these are the URL (web address) from which the CertData file is sourced; and minimum and maximum file sizes, against which any download is checked; and logging. Anything smaller than the minimum or larger than the maximum is rejected as being implausible, i.e. something has probably gone wrong with the download, in which case the existing CertData is left alone.

Logging is, by default, turned off. It is possible to get the app to log some salient information. If this should be necessary, instructions are in the !Run file.


I am grateful to Dave Symes for his efforts in testing UpdCaCert on VRPC, RPCEmu and old versions of RISC OS.


You can download UpdCaCert from here.

Revision history

0.02 2021 October 22 First release

0.03 2021 November 6 Works on RISC OS 4 and 6 on VRPC and RPCEmu, as well as RISC OS 5 on native hardware. Logging arrangements improved.

Page last updated 2021 November 6