schang626

SSL Certificate Error

We are in a web-restricted network. We are only able to access certain web pages from the network. One of the websites that we visit is an HTTPS page. We are getting a certificate error message when we visit the HTTPS page. It works fine if we disable the web filter. Is there any way to find out what we need to add to our filter so we don't get the certificate error when accessing the page?

The certificate is Entrust.net Certification Authority (2048)

*We've added entrust.net/entrust.com but it is still not working
Kent Dyer

But..  That is not good enough.

You need to open the DNS or IP through your networking from your internal to the external networking (Intranet to Internet).

HTH,

Kent
That is because your certificate is probably expired or is not trusted/authorized on the server. For instance, I purchased a UCC cert for our Exchange server to utilize OWA and Outlook Anywhere. Check your server and see if it is a self-signed certificate and if it's expired.
ASKER

I'm not sure what you mean. Can you explain it in detail, and the steps to get it to work? Thanks.
When you say you've "added entrust", are you saying you believe your web filter allows you access to that domain?  You might want to get in touch with them and see if their CRL is hosted elsewhere or under another domain name.
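
One way to act on the CRL suggestion above, as an added example that is not part of the original thread: list the CRL, OCSP and CA-issuer hosts a certificate names, since those are fetched from hosts other than the site itself and are candidates for the filter's allow list. `SAMPLE_CERT` and its example.test names are constructed; `fetch_cert`, `issuer_name` and `validation_hosts` are names chosen for this example.

```python
import socket
import ssl
from urllib.parse import urlsplit

# getpeercert() keys that carry URLs a client may fetch during validation.
URL_FIELDS = ("crlDistributionPoints", "OCSP", "caIssuers")


def fetch_cert(host, port=443, timeout=10):
    """Return the validated server certificate as a getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issuer_name(cert):
    """Flatten the issuer RDN sequence into a single dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def validation_hosts(cert):
    """Map each CRL/OCSP/AIA host named in the certificate to its uses."""
    hosts = {}
    for field in URL_FIELDS:
        for url in cert.get(field, ()):
            host = urlsplit(url).hostname
            if host:
                hosts.setdefault(host.lower(), set()).add(field)
    return hosts


# Constructed sample in getpeercert() format (example.test names are made up).
SAMPLE_CERT = {
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example CA Inc"),),
        (("commonName", "Example Public CA G2"),),
    ),
    "crlDistributionPoints": ("http://crl.ca-cdn.example.test/g2.crl",),
    "OCSP": ("http://ocsp.ca-cdn.example.test",),
    "caIssuers": ("http://aia.example.test/g2.cer",),
}

if __name__ == "__main__":
    cert = SAMPLE_CERT  # on the network: fetch_cert("www.tdcanadatrust.com")
    print("issuer:", issuer_name(cert).get("commonName"))
    for host, uses in sorted(validation_hosts(cert).items()):
        print(f"{host}: {', '.join(sorted(uses))}")
```

`fetch_cert` raises `ssl.SSLCertVerificationError` when the chain the client receives does not validate, and that error text is the "exact error" worth recording.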
We don't have a web server. We are accessing a bank's web page.
xterm

Just to confirm:

- You are attempting to visit a bank's site [can we know the URL of that site to look at the certificate?]
- You get a certificate error [what is that exact error?]
- You turn off your web filter, the error goes away [what web filter are you using - is this a 3rd party device on your network, or software installed on the client machines?]

My initial guess is that perhaps you got the cert errors in your browsers all along, but at one time just stored an exception on the client machine so that it doesn't hassle you every time.  Then you added a new web content filter device which isn't having any of that.  Am I close?
Like has been said before..  Your cert is probably expired or the bank's is expired.  Grab a copy from the bank and look at the expiration and install to your workstation as needed..

HTH,

Kent
You would have to add the bank url including the https if you can or just the entire bank url with a * at the beginning and end of the filter.

Try it and let me know if it works?
tdcanadatrust.com is the website. I noticed that it is happening on more than 1 HTTPS web page but not all of them.
We are using a Fortinet router with a built-in web filter.

We had * at the beginning of the filter so that's not it. We can still access the page but with a certificate warning.
TD has VeriSign CA. Entrust was for another HTTPS website.
Are you saying if you disable the web filter on the Fortinet router, you do not get the certificate warnings in your web browser???

Are you accessing the site by name "tdcanadatrust.com" or "www.tdcanadatrust.com"?
Yes, when we disable the web filter we do not get the warning in the web browser. After we turned the filter back on, the testing machine doesn't get the warning also. However, we do not want to disable the web filter in our work environment. I'm assuming something is being blocked by the filter.

We are accessing www.tdcanadatrust.com
the testing machine doesn't get the warning also

So are you saying that you turn the filter off, use the testing machine to go to the site, and store that certificate, then turn the filter back on, and the testing machine works fine after that, even with the filter enabled?
yes
ASKER CERTIFIED SOLUTION
xterm