frantici

Problems removing trusted certificate *Found solution myself*

Hi,

We have access to a site which is somewhat protected by a certificate, which we can choose to add as trusted or not.
The only real difference is that we don't need to push the accept button on the certificate each time we load the page.

Of course we added the certificate to the machines which used the site frequently, but here is the problem.

The certificate went out of date, and the site blocked all access.

I removed the certificate from the trusted certificate store in IE and checked for any other occurrences of this certificate (none were found).
I then added the new certificate into the trusted certificate store, but the site just seems to ignore this.

Removing the certificate does not improve the situation.

On the server side it seems that the server is asking for a certificate, getting some kind of answer which it doesn't like, and trying again (and again, in a loop).
Here is the strange part: this only happens on a few select machines. They do not differ in any way, not in software, OS or even updates to the OS.

And of course it does not happen on the machines which didn't have the certificate added to the trusted store.

I think that it might be that IE is somehow storing the certificate even if it is supposed to be removed.
And even supplying the site with the old certificate.

Anyway, I am only rambling here as I don't really have a clue as to what, where and how, but I hope that someone here has encountered this problem.

OS/Browser info:
Windows XP SP1
IE 6.0.2800.1106


Sincerely
Trym K. Bjerkan
frantici

ASKER

I actually found the solution myself.

They are stored in this directory:
X:\Documents and Settings\X USERNAME X\Application Data\Microsoft\SystemCertificates\My\Certificates
They are named by some strange key type. Most likely there are references to this in the registry; I didn't check, but if you want your system to be clean you might want to remove any reference to these certificates in the registry too.

So obviously Microsoft decided to keep certificates and give them to the sites, even if you decide you don't want them.

Sincerely
Trym K. Bjerkan
Yes, the registry has numerous certificates and references to them, to make it 'easy' for users, who do not need to install any on their own. You can try searching for "certificates" to find some. They are probably still spread all around at many places in the registry, with possible replication for user and machine (producing a delete, update, or removal issue).

> They are named by some strange

Another way to do it: while in IE looking at certificates, try "Trusted Root Certificate Authorities" (tab on right). Select one, then View|Details, and scroll down. Near the bottom is the thumbprint. This is where it is unique (not the serial number at the top). Take several of the characters at the beginning of this long hex string and you can search for it in the registry with regedit.

Note: for the place to put the key, the advice is to assign it to the machine, not the user. There are many ways to overlap and fairly duplicate. We have two seemingly identical keys, each with a different expiry, each for a different application for internal use at the company only. The key identifier is the thumbprint.
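
The thumbprint search described in the comment above, as an added example that is not part of the original posts: it looks for every copy of a certificate across the per-user and per-machine stores and flags expired copies that still carry a private key. It assumes a current Windows version with PowerShell's `Cert:` provider (not the XP SP1 system in the question), and the function name `Find-CertificateCopies` is hypothetical.

```powershell
# Added example (not from the thread). Find-CertificateCopies is a
# hypothetical helper name; it only reads the stores, it changes nothing.
function Find-CertificateCopies {
    param(
        # First characters of the thumbprint as shown in the Details view.
        [Parameter(Mandatory)] [string] $ThumbprintPrefix,
        # User and machine stores can each hold their own copy.
        [string[]] $StoreRoots = @('Cert:\CurrentUser', 'Cert:\LocalMachine')
    )

    # The certificate dialog shows the thumbprint with spaces; keep hex only.
    $prefix = ($ThumbprintPrefix -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($prefix.Length -lt 6) {
        throw 'Give at least 6 hex characters so unrelated certificates do not match.'
    }

    $now = Get-Date
    foreach ($root in $StoreRoots) {
        # -Recurse walks every store (My, Root, CA, ...) under the root.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                $_.Thumbprint.StartsWith($prefix)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    # e.g. "CurrentUser\My"; the provider prefix is stripped.
                    Store         = $_.PSParentPath -replace '^.*::', ''
                    Thumbprint    = $_.Thumbprint
                    Subject       = $_.Subject
                    NotAfter      = $_.NotAfter
                    Expired       = $_.NotAfter -lt $now
                    # True for a certificate the browser can present to a
                    # server as a client certificate.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

# Usage, with a placeholder prefix:
#   Find-CertificateCopies -ThumbprintPrefix '<first hex characters>' |
#       Sort-Object Store | Format-Table -AutoSize
# Each result is addressable as Cert:\<Store>\<Thumbprint>.
```

A row with `Store` ending in `\My`, `Expired` true and `HasPrivateKey` true is the kind of leftover personal certificate the asker found on disk under `SystemCertificates\My\Certificates`.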
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
PAQ - Refund

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

war1
EE Cleanup Volunteer