Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 514
  • Last Modified:

Some websites cannot be accessed by https/ssl in IE7 and IE8 from Windows XP

In my company we have a problem with one of our websites. It cannot be accessed with https in IE7 and IE8 when users have PC's running XP. Firefox is working fine, but the users come from organisations where IE8 is standard browser software and XP the OS used currently.
When I include IE7 it is because I have tried to hit F12 and run the browser in IE7 mode to see if it worked. Not working. The site is running on IIS7.5 on a Widows 2008 server and is Net Framework v4.0, Classic Mode.
It is a new version of a system where we also have a site using  the old version in v2.0, Classic Mode. It can be accessed without problems. but I don't know if that is relevant or not.
The sites are running on subdomains and the SSL certificates are associated with the subdomains.
I have googled the problem and can see that there can be problems with IE8 and XP. Have tried some of the solutions suggested but so far nothing has worked.
I hope very much that somebody can help. We have some users that must finish registrations in our systems very soon.
0
JorgenV
Asked:
JorgenV
2 Solutions
 
Dave BaldwinFixer of ProblemsCommented:
Have you made sure the Windows root certificates are up to date?  Newer SSL/TLS certificates require newer root certificates.   You can download them thru Windows update.

More info here: http://blogs.technet.com/b/windowsserver/archive/2013/01/12/fix-available-for-root-certificate-update-issue-on-windows-server.aspx
0
 
JorgenVAuthor Commented:
Hi Dave

Thanks for your answer. Our hosting company is responsible for updating the server, so I really don't know.
1. How can I check it myself?
2. I read the instructions and it seems to me that I can create some problems if I don't do this right. We have a lot of websites running on that server and my expertise now in maintaining servers is somewhat rusty. What do you recommend?
0
 
Dave BaldwinFixer of ProblemsCommented:
Before you try anything on the server, make sure that the users Windows installations have the Root Certificate Updates.  Are you having problems with any other HTTPS sites?  Note that Firefox has it's own Root Certificates so it is not affected by the Windows updates.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
David Johnson, CD, MVPOwnerCommented:
no points: Just to clarify things here these root certificate updates are CLIENT side and not server side. If it works in Firefox then your server doesn't need to be touched.
0
 
JorgenVAuthor Commented:
Hi ve3ofa - and Dave. Ok. Thanks. I can see that this is also what Dave writes. I didn't see it yesterday as I was not very clear in the head because of a very long day. I will check the status of the clients Monday and return.
0
 
Dave BaldwinFixer of ProblemsCommented:
The article I linked says there was a possible update error on servers also.  But check the clients first.  I know some people never allow updates.  But if they don't allow the root certificate updates then eventually they will encounter a website that they can't visit because of it.
0
 
JorgenVAuthor Commented:
Ok, Dave. I have a virtual pc on my own pc with xp sp3  and ie8. There actually are some problems with a couple of other websites. They can be accessed with https,  but there is a warning first about the validity of the certificates. They are valid. I will try tonight (local time now 09:12) to install the updates on my own xp and see if it solve the problem. Thanks very much.
0
 
Dave BaldwinFixer of ProblemsCommented:
Root Certificate Updates are optional updates, you have to go to Windows Update and click on "Custom" I think it is.
0
 
JorgenVAuthor Commented:
I have installed the latest optional Root Certificate Update from Windows Update now. Result: the websites that before showed warning messages but allowed users the choice to continue now just works. The website that we need to work does not. This websit uses a tool called a Netscaler. In the IIS it is set  up to http and the Netscaler redirects to https. Can it be relevant?
0
 
Dave BaldwinFixer of ProblemsCommented:
0
 
JorgenVAuthor Commented:
It is a tool our hosting company use. I only know the name, but when I googled it I found what you found.
Dave. Do you know a tool that can check a https or http connection and show errors?
0
 
Dave BaldwinFixer of ProblemsCommented:
You can use Wireshark http://www.wireshark.org/ or Fiddler http://fiddler2.com/ to check HTTP connections.  HTTPS is a little more difficult but one of them says they can be set up to check those too.  Firefox seems to give a little more info than IE does about HTTPS problems.
0
 
JorgenVAuthor Commented:
Ok, thanks. I have found this: http://support.citrix.com/article/CTX134083 
Don't really know how much it is relevant, but since all our other sites does not have problems I have decided that we must setup the website with problems without the Netscaler with its own IP like our other sites and see if it solves the problem.
0
 
LeeTutorretiredCommented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
JorgenVAuthor Commented:
Hi

There is an answer to the question. Our hosting company tried a new setup on the Netscaler when they saw the link is my latest comment and it solved the problem. DaveBaldwin helped to put me on the right track. I can write a short answer where I describe how the problem was solved and share the points with DaveBaldwin. Have been extremely busy and forgot to do this. Sorry.

JorgenV
0
 
JorgenVAuthor Commented:
This solved the problem. Mail from consultant at the hosting company when they received this link: http://support.citrix.com/article/CTX134083

"Thanks - I have tried to change the order of the ciphers - it is not directly supported, but you can remove all ciphers, add them in the order you want and then hope that the Netscaler respects it."
0
 
JorgenVAuthor Commented:
I was put on the right track by DaveBaldwin and found a link about the Netscaler that helped our hosting company to solve the problem. So it was a joint effort. You have to read the thread to understand the problem and the solution.
0
 
Dave BaldwinFixer of ProblemsCommented:
Glad to help, thanks for the points.
0
 
JorgenVAuthor Commented:
Thanks for your help.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now