Solved

Some websites cannot be accessed by https/ssl in IE7 and IE8 from Windows XP

Posted on 2013-05-11
20
483 Views
Last Modified: 2013-06-11
In my company we have a problem with one of our websites. It cannot be accessed with https in IE7 and IE8 when users have PC's running XP. Firefox is working fine, but the users come from organisations where IE8 is standard browser software and XP the OS used currently.
When I include IE7 it is because I have tried to hit F12 and run the browser in IE7 mode to see if it worked. Not working. The site is running on IIS7.5 on a Widows 2008 server and is Net Framework v4.0, Classic Mode.
It is a new version of a system where we also have a site using  the old version in v2.0, Classic Mode. It can be accessed without problems. but I don't know if that is relevant or not.
The sites are running on subdomains and the SSL certificates are associated with the subdomains.
I have googled the problem and can see that there can be problems with IE8 and XP. Have tried some of the solutions suggested but so far nothing has worked.
I hope very much that somebody can help. We have some users that must finish registrations in our systems very soon.
0
Comment
Question by:JorgenV
20 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Have you made sure the Windows root certificates are up to date?  Newer SSL/TLS certificates require newer root certificates.   You can download them thru Windows update.

More info here: http://blogs.technet.com/b/windowsserver/archive/2013/01/12/fix-available-for-root-certificate-update-issue-on-windows-server.aspx
0
 

Author Comment

by:JorgenV
Comment Utility
Hi Dave

Thanks for your answer. Our hosting company is responsible for updating the server, so I really don't know.
1. How can I check it myself?
2. I read the instructions and it seems to me that I can create some problems if I don't do this right. We have a lot of websites running on that server and my expertise now in maintaining servers is somewhat rusty. What do you recommend?
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
Comment Utility
Before you try anything on the server, make sure that the users Windows installations have the Root Certificate Updates.  Are you having problems with any other HTTPS sites?  Note that Firefox has it's own Root Certificates so it is not affected by the Windows updates.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
no points: Just to clarify things here these root certificate updates are CLIENT side and not server side. If it works in Firefox then your server doesn't need to be touched.
0
 

Author Comment

by:JorgenV
Comment Utility
Hi ve3ofa - and Dave. Ok. Thanks. I can see that this is also what Dave writes. I didn't see it yesterday as I was not very clear in the head because of a very long day. I will check the status of the clients Monday and return.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
The article I linked says there was a possible update error on servers also.  But check the clients first.  I know some people never allow updates.  But if they don't allow the root certificate updates then eventually they will encounter a website that they can't visit because of it.
0
 

Author Comment

by:JorgenV
Comment Utility
Ok, Dave. I have a virtual pc on my own pc with xp sp3  and ie8. There actually are some problems with a couple of other websites. They can be accessed with https,  but there is a warning first about the validity of the certificates. They are valid. I will try tonight (local time now 09:12) to install the updates on my own xp and see if it solve the problem. Thanks very much.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Root Certificate Updates are optional updates, you have to go to Windows Update and click on "Custom" I think it is.
0
 

Author Comment

by:JorgenV
Comment Utility
I have installed the latest optional Root Certificate Update from Windows Update now. Result: the websites that before showed warning messages but allowed users the choice to continue now just works. The website that we need to work does not. This websit uses a tool called a Netscaler. In the IIS it is set  up to http and the Netscaler redirects to https. Can it be relevant?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
0
 

Author Comment

by:JorgenV
Comment Utility
It is a tool our hosting company use. I only know the name, but when I googled it I found what you found.
Dave. Do you know a tool that can check a https or http connection and show errors?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
You can use Wireshark http://www.wireshark.org/ or Fiddler http://fiddler2.com/ to check HTTP connections.  HTTPS is a little more difficult but one of them says they can be set up to check those too.  Firefox seems to give a little more info than IE does about HTTPS problems.
0
 

Author Comment

by:JorgenV
Comment Utility
Ok, thanks. I have found this: http://support.citrix.com/article/CTX134083
Don't really know how much it is relevant, but since all our other sites does not have problems I have decided that we must setup the website with problems without the Netscaler with its own IP like our other sites and see if it solves the problem.
0
 
LVL 59

Expert Comment

by:LeeTutor
Comment Utility
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 

Author Comment

by:JorgenV
Comment Utility
Hi

There is an answer to the question. Our hosting company tried a new setup on the Netscaler when they saw the link is my latest comment and it solved the problem. DaveBaldwin helped to put me on the right track. I can write a short answer where I describe how the problem was solved and share the points with DaveBaldwin. Have been extremely busy and forgot to do this. Sorry.

JorgenV
0
 

Accepted Solution

by:
JorgenV earned 0 total points
Comment Utility
This solved the problem. Mail from consultant at the hosting company when they received this link: http://support.citrix.com/article/CTX134083

"Thanks - I have tried to change the order of the ciphers - it is not directly supported, but you can remove all ciphers, add them in the order you want and then hope that the Netscaler respects it."
0
 

Author Closing Comment

by:JorgenV
Comment Utility
I was put on the right track by DaveBaldwin and found a link about the Netscaler that helped our hosting company to solve the problem. So it was a joint effort. You have to read the thread to understand the problem and the solution.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Glad to help, thanks for the points.
0
 

Author Comment

by:JorgenV
Comment Utility
Thanks for your help.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now