Installed SSL certificate not trusted by XP

Posted on 2004-04-29
Last Modified: 2013-12-04
I am trying to get a certificate issued by Windows 2003 certificate server trusted by a Windows XP box.  Both systems are fully up to date on service packs and hot fixes.

Procedure is as follows:
- Generate a certificate for my web site via 2003 certificate server
- Install in IIS on the Web Site
- https connect from client
- .... Certificate OK and matches but not trusted
- .... View certificate
- .... Install certificate using defaults
- Close browser & try again

On a W2K client this works fine, the certificate is used automatically on the next https session.

On XP on the next connection the same message about the issuer not being trusted is displayed.  Cancel and look in the certificate store and the certificate is in place, valid and looks quite happy.


Are there any security options that I don't know about on how certificates are trusted?
Are there any relevant differences in XP on certificate store handling?
Do I need to do something like have my certificate server installed as a root authority?
Is this a bug?
Any other explanation to do with planetary alignment or reality?

Comments, answers, sympathy gratefully received


Question by: tonimargiotta
Accepted Solution

txsolutions earned 900 total points
ID: 10951555
hey toni,

is this all happening in a domain environment? if so, is the certificate issued by a root ca that's integrated in your active directory, or is it standalone?
on the xp machine, you have to trust the root ca that issued the certificate to your webserver, which if the xp machine, webserver and certificate server are all part of the one domain is already the case. to check that, if you go into internet explorer on the xp box, go to tools | internet options | content, and go to trusted root ca's and check that the root which issued the certificate for your webserver is one of the ones listed in there...

to be honest i thought win2k works the same way so i'm not 100% sure what the story is...

hope this helps though...!

Author Comment

ID: 10973305
Apparently W2K and XP do behave differently.  Installed my root CA certificate and everything worked fine.  I think I expected to have to do this, but was somewhat thrown when W2K worked without it.
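
A way to check what the accepted answer describes, namely whether the root CA that issued the web server's certificate is trusted on the client, shown as an added example that is not part of the original thread. It calls the .NET `X509Chain` class from PowerShell; the function name `Test-CertificateTrust` and the file name `website.cer` are hypothetical.

```powershell
# Added example, not from the thread. 'website.cer' is a hypothetical file name.
function Test-CertificateTrust {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: revocation checking is off so that an unreachable CRL of a
    # private CA does not hide the trust result we are interested in.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    # The last element is the top of the chain Windows managed to build.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $selfSigned = ($top.Subject -eq $top.Issuer)

    # Is that top certificate present in a Trusted Root store?
    $inRootStore = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint }).Count -gt 0

    [pscustomobject]@{
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        ChainTrusted   = $trusted
        ChainTop       = $top.Subject
        TopIsRoot      = $selfSigned
        TopInRootStore = $inRootStore
        # Typical values: UntrustedRoot (root found but not trusted) or
        # PartialChain (the issuer's certificate could not be located at all).
        Problems       = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

# Usage: export the site's certificate from the browser to a file, then run
# Test-CertificateTrust -Path .\website.cer | Format-List
```

A result with `ChainTrusted` false and `UntrustedRoot` or `PartialChain` under `Problems` means the issuing root CA still has to be added to Trusted Root Certification Authorities on that client; having the web site's own certificate in a store does not change the outcome of the chain build.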

