?
Solved

Instlled SSL certificate not trusted by XP

Posted on 2004-04-29
2
Medium Priority
?
1,019 Views
Last Modified: 2013-12-04
I am trying to get a Certificate issued by Windows 2003 certificate server trusted by a windows XP box.  Both system are full up to date on service packs and hot fixes.

Procedure is as follows:
- Generate a certificate for my web site via 2003 certificate server
- Install in IIS on the Web Site
- https connect from client
- .... Cetrificate OK and matches but not trusted
- .... View certificate
- .... Install certificate using defaults
continue
close browser & try again

On a W2K client this works fine, the certificate is used automatically on the next https session.

On XP on the next connection the same message about the issuer not being trusted is displayed.  Cancel and look in the certificate store and the certificate is in place, valid and looks quite happy.

Questions:....

Are there any security options that I don't know about on how certificates are trusted?
Are there any relevant differences in XP on certificate store handling
do I need to do something like have my certificate server installed as a root authority?
Is this a bug?
Any other explanation to do with planetary alignment or reality?

Comments, answers, sympathy gratefull received

Toz


0
Comment
Question by:tonimargiotta
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Accepted Solution

by:
txsolutions earned 900 total points
ID: 10951555
hey toni,

is this all happening in a domain environment? if so, is the certificate issued by a root ca that's integrated in your active directory, or is it standalone?
on the xp machine, you have to trust the root ca that issued the certificate to your webserver, which if the xp machine, webserver and certificate server are all part of the one domain is already the case. to check that, if you go into internet explorer on the xp box, go to tools | internet options | content, and go to trusted root ca's and check that the root which issued the certificate for your webserver is one of the ones listed in there...

to be honest i thought win2k works the same way so i'm not 100% sure what the story is...

hope this helps though...!
0
 
LVL 1

Author Comment

by:tonimargiotta
ID: 10973305
Apparently W2K and XP do behave differently.  Installed my root CA certificate and everything worked fine.  I think I expected to have to do this, but was somewhat thrown when W2K worked without it.

Rgds
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question