Solved

Some websites cannot be accessed by https/ssl in IE7 and IE8 from Windows XP

Posted on 2013-05-11
20
501 Views
Last Modified: 2013-06-11
In my company we have a problem with one of our websites. It cannot be accessed with https in IE7 and IE8 when users have PC's running XP. Firefox is working fine, but the users come from organisations where IE8 is standard browser software and XP the OS used currently.
When I include IE7 it is because I have tried to hit F12 and run the browser in IE7 mode to see if it worked. Not working. The site is running on IIS7.5 on a Widows 2008 server and is Net Framework v4.0, Classic Mode.
It is a new version of a system where we also have a site using  the old version in v2.0, Classic Mode. It can be accessed without problems. but I don't know if that is relevant or not.
The sites are running on subdomains and the SSL certificates are associated with the subdomains.
I have googled the problem and can see that there can be problems with IE8 and XP. Have tried some of the solutions suggested but so far nothing has worked.
I hope very much that somebody can help. We have some users that must finish registrations in our systems very soon.
0
Comment
Question by:JorgenV
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
20 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39158445
Have you made sure the Windows root certificates are up to date?  Newer SSL/TLS certificates require newer root certificates.   You can download them thru Windows update.

More info here: http://blogs.technet.com/b/windowsserver/archive/2013/01/12/fix-available-for-root-certificate-update-issue-on-windows-server.aspx
0
 

Author Comment

by:JorgenV
ID: 39158567
Hi Dave

Thanks for your answer. Our hosting company is responsible for updating the server, so I really don't know.
1. How can I check it myself?
2. I read the instructions and it seems to me that I can create some problems if I don't do this right. We have a lot of websites running on that server and my expertise now in maintaining servers is somewhat rusty. What do you recommend?
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
ID: 39158588
Before you try anything on the server, make sure that the users Windows installations have the Root Certificate Updates.  Are you having problems with any other HTTPS sites?  Note that Firefox has it's own Root Certificates so it is not affected by the Windows updates.
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39159031
no points: Just to clarify things here these root certificate updates are CLIENT side and not server side. If it works in Firefox then your server doesn't need to be touched.
0
 

Author Comment

by:JorgenV
ID: 39159065
Hi ve3ofa - and Dave. Ok. Thanks. I can see that this is also what Dave writes. I didn't see it yesterday as I was not very clear in the head because of a very long day. I will check the status of the clients Monday and return.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39159133
The article I linked says there was a possible update error on servers also.  But check the clients first.  I know some people never allow updates.  But if they don't allow the root certificate updates then eventually they will encounter a website that they can't visit because of it.
0
 

Author Comment

by:JorgenV
ID: 39159163
Ok, Dave. I have a virtual pc on my own pc with xp sp3  and ie8. There actually are some problems with a couple of other websites. They can be accessed with https,  but there is a warning first about the validity of the certificates. They are valid. I will try tonight (local time now 09:12) to install the updates on my own xp and see if it solve the problem. Thanks very much.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39159166
Root Certificate Updates are optional updates, you have to go to Windows Update and click on "Custom" I think it is.
0
 

Author Comment

by:JorgenV
ID: 39160385
I have installed the latest optional Root Certificate Update from Windows Update now. Result: the websites that before showed warning messages but allowed users the choice to continue now just works. The website that we need to work does not. This websit uses a tool called a Netscaler. In the IIS it is set  up to http and the Netscaler redirects to https. Can it be relevant?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39160487
0
 

Author Comment

by:JorgenV
ID: 39160517
It is a tool our hosting company use. I only know the name, but when I googled it I found what you found.
Dave. Do you know a tool that can check a https or http connection and show errors?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39160562
You can use Wireshark http://www.wireshark.org/ or Fiddler http://fiddler2.com/ to check HTTP connections.  HTTPS is a little more difficult but one of them says they can be set up to check those too.  Firefox seems to give a little more info than IE does about HTTPS problems.
0
 

Author Comment

by:JorgenV
ID: 39160609
Ok, thanks. I have found this: http://support.citrix.com/article/CTX134083 
Don't really know how much it is relevant, but since all our other sites does not have problems I have decided that we must setup the website with problems without the Netscaler with its own IP like our other sites and see if it solves the problem.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 39225074
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 

Author Comment

by:JorgenV
ID: 39225075
Hi

There is an answer to the question. Our hosting company tried a new setup on the Netscaler when they saw the link is my latest comment and it solved the problem. DaveBaldwin helped to put me on the right track. I can write a short answer where I describe how the problem was solved and share the points with DaveBaldwin. Have been extremely busy and forgot to do this. Sorry.

JorgenV
0
 

Accepted Solution

by:
JorgenV earned 0 total points
ID: 39225090
This solved the problem. Mail from consultant at the hosting company when they received this link: http://support.citrix.com/article/CTX134083

"Thanks - I have tried to change the order of the ciphers - it is not directly supported, but you can remove all ciphers, add them in the order you want and then hope that the Netscaler respects it."
0
 

Author Closing Comment

by:JorgenV
ID: 39237100
I was put on the right track by DaveBaldwin and found a link about the Netscaler that helped our hosting company to solve the problem. So it was a joint effort. You have to read the thread to understand the problem and the solution.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39237206
Glad to help, thanks for the points.
0
 

Author Comment

by:JorgenV
ID: 39237286
Thanks for your help.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question