[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Instlled SSL certificate not trusted by XP

Posted on 2004-04-29
2
Medium Priority
?
1,021 Views
Last Modified: 2013-12-04
I am trying to get a Certificate issued by Windows 2003 certificate server trusted by a windows XP box.  Both system are full up to date on service packs and hot fixes.

Procedure is as follows:
- Generate a certificate for my web site via 2003 certificate server
- Install in IIS on the Web Site
- https connect from client
- .... Cetrificate OK and matches but not trusted
- .... View certificate
- .... Install certificate using defaults
continue
close browser & try again

On a W2K client this works fine, the certificate is used automatically on the next https session.

On XP on the next connection the same message about the issuer not being trusted is displayed.  Cancel and look in the certificate store and the certificate is in place, valid and looks quite happy.

Questions:....

Are there any security options that I don't know about on how certificates are trusted?
Are there any relevant differences in XP on certificate store handling
do I need to do something like have my certificate server installed as a root authority?
Is this a bug?
Any other explanation to do with planetary alignment or reality?

Comments, answers, sympathy gratefull received

Toz


0
Comment
Question by:tonimargiotta
2 Comments
 

Accepted Solution

by:
txsolutions earned 900 total points
ID: 10951555
hey toni,

is this all happening in a domain environment? if so, is the certificate issued by a root ca that's integrated in your active directory, or is it standalone?
on the xp machine, you have to trust the root ca that issued the certificate to your webserver, which if the xp machine, webserver and certificate server are all part of the one domain is already the case. to check that, if you go into internet explorer on the xp box, go to tools | internet options | content, and go to trusted root ca's and check that the root which issued the certificate for your webserver is one of the ones listed in there...

to be honest i thought win2k works the same way so i'm not 100% sure what the story is...

hope this helps though...!
0
 
LVL 1

Author Comment

by:tonimargiotta
ID: 10973305
Apparently W2K and XP do behave differently.  Installed my root CA certificate and everything worked fine.  I think I expected to have to do this, but was somewhat thrown when W2K worked without it.

Rgds
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month19 days, 16 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question