Instlled SSL certificate not trusted by XP

Posted on 2004-04-29
Last Modified: 2013-12-04
I am trying to get a Certificate issued by Windows 2003 certificate server trusted by a windows XP box.  Both system are full up to date on service packs and hot fixes.

Procedure is as follows:
- Generate a certificate for my web site via 2003 certificate server
- Install in IIS on the Web Site
- https connect from client
- .... Cetrificate OK and matches but not trusted
- .... View certificate
- .... Install certificate using defaults
close browser & try again

On a W2K client this works fine, the certificate is used automatically on the next https session.

On XP on the next connection the same message about the issuer not being trusted is displayed.  Cancel and look in the certificate store and the certificate is in place, valid and looks quite happy.


Are there any security options that I don't know about on how certificates are trusted?
Are there any relevant differences in XP on certificate store handling
do I need to do something like have my certificate server installed as a root authority?
Is this a bug?
Any other explanation to do with planetary alignment or reality?

Comments, answers, sympathy gratefull received


Question by:tonimargiotta

Accepted Solution

txsolutions earned 300 total points
Comment Utility
hey toni,

is this all happening in a domain environment? if so, is the certificate issued by a root ca that's integrated in your active directory, or is it standalone?
on the xp machine, you have to trust the root ca that issued the certificate to your webserver, which if the xp machine, webserver and certificate server are all part of the one domain is already the case. to check that, if you go into internet explorer on the xp box, go to tools | internet options | content, and go to trusted root ca's and check that the root which issued the certificate for your webserver is one of the ones listed in there...

to be honest i thought win2k works the same way so i'm not 100% sure what the story is...

hope this helps though...!

Author Comment

Comment Utility
Apparently W2K and XP do behave differently.  Installed my root CA certificate and everything worked fine.  I think I expected to have to do this, but was somewhat thrown when W2K worked without it.


Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now