We help IT Professionals succeed at work.

Problems removing trusted certificate *Found solution myself*

frantici
frantici asked
on
209 Views
Last Modified: 2010-04-11
Hi,

We have access to a site which is somewhat protected by a certificate, which we can choose to add as trusted or not.
The only real difference is that we dont need push the accept button on the certificate each time we load the page.

Ofcourse we added the certificate to the machines which used the site frequently, but here is the problem.

The certificate went out of date, and the site blocked all access.

I removed the certificate from the trusted certificate store in IE and checked for any other occurances of this certificate (none was found).
I then added the new certificate into the trusted certificate store, but the site just seems to ignore this.

Removing the certificate does not improve the situation.

On the server side it seems that the server is asking for a certificate, getting some kind of answer which it doesnt like and tries again (and again into a loop) ..
Here is the strange part, this only happens on a few select machines, they do not differ in any way, not software, os or even updates to the os.

And it ofcourse does not happen to the machines which didnt have the certificate added to the trusted store.

I think that it might be that IE, is somewhat storing the certificate even if it is supposed to be removed.
And even supplying the site with the old certificate..

Anyways I am only rambling here as i dont really got a clue to what/where and how, but i hope that someone here has encountered this problem.

OS/Browser info:
Windows XP SP1
IE 6.0.2800.1106


Sincerly
Trym K. Bjerkan
Comment
Watch Question

Author

Commented:
I actually found the solution myself.

They are stored in this directory:
X:\Documents and Settings\X USERNAME X\Application Data\Microsoft\SystemCertificates\My\Certificates
They are named by some strange key type, most likely there are refrences to this in the registry, i didnt check, but if you want your system to be clean
you might want to remove any refrence to these certificates in the registry too.

So obviously Microsoft decided to keep certificates and give them to the sites, even if you decide you dont want them.

Sincerely
Trym K. Bjerkan

Commented:
Yes, the registry has numerous certificates and references to them, to make it 'easy' for users, who do not need to intall any on their own. You can try searching for "certificates' to find some. They are probably still spread all around at many places in registry, with possible replication of it for user and machine (producing a delete, update, or removal issue).

> They are named by some strange

Another way to do, while in IE looking at certificates, try "Trusted Root Certifificate Authorities" (tab on right). Select one, the View|details, and scroll down.  Near the bottom is the thumbprint. This is where it is Unique. (not the serial number at the top).  Take several of the characters at the beginning of this long hexstring and you can search for it in registry with regedit.

Note: for the place to put the key, advise is to assign it to the machine, not the user.  There are many ways to overlap and fairly duplicate. We have two seemingly identical keys, each with a different expiry, each for different application for internal use at company only. The key identifier is the thumbprint.
CERTIFIED EXPERT
Top Expert 2008

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
PAQ - Refund

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

war1
EE Cleanup Volunteer
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.