Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1025
  • Last Modified:

Instlled SSL certificate not trusted by XP

I am trying to get a Certificate issued by Windows 2003 certificate server trusted by a windows XP box.  Both system are full up to date on service packs and hot fixes.

Procedure is as follows:
- Generate a certificate for my web site via 2003 certificate server
- Install in IIS on the Web Site
- https connect from client
- .... Cetrificate OK and matches but not trusted
- .... View certificate
- .... Install certificate using defaults
close browser & try again

On a W2K client this works fine, the certificate is used automatically on the next https session.

On XP on the next connection the same message about the issuer not being trusted is displayed.  Cancel and look in the certificate store and the certificate is in place, valid and looks quite happy.


Are there any security options that I don't know about on how certificates are trusted?
Are there any relevant differences in XP on certificate store handling
do I need to do something like have my certificate server installed as a root authority?
Is this a bug?
Any other explanation to do with planetary alignment or reality?

Comments, answers, sympathy gratefull received


1 Solution
hey toni,

is this all happening in a domain environment? if so, is the certificate issued by a root ca that's integrated in your active directory, or is it standalone?
on the xp machine, you have to trust the root ca that issued the certificate to your webserver, which if the xp machine, webserver and certificate server are all part of the one domain is already the case. to check that, if you go into internet explorer on the xp box, go to tools | internet options | content, and go to trusted root ca's and check that the root which issued the certificate for your webserver is one of the ones listed in there...

to be honest i thought win2k works the same way so i'm not 100% sure what the story is...

hope this helps though...!
tonimargiottaAuthor Commented:
Apparently W2K and XP do behave differently.  Installed my root CA certificate and everything worked fine.  I think I expected to have to do this, but was somewhat thrown when W2K worked without it.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now