Browser error "Malformed certificate"  = Google Chrome (v36) and IE (v8) - with a root CA SHA256

Posted on 2014-08-04
Last Modified: 2014-08-08
Using Google and IE to connect to a URL we get an error :-
The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information.
Error type: Malformed certificate
Issuer: GlobalSign Organization Validation CA - SHA256 - G2

The server is running WIndows 2003 server and the version of browsers as stated above. So on a development 2003 server I ran Windows updates and re-tried and the issue was resolved. I need to fix the issue on live 2003 servers but I do not want to run the complete Windows Update in case it breaks many other functions.
I am assuming there was an upgrade to support  new hashing algorithm SHA256 ?
Appreciate if anyone can shed light on this and more specific on what needs updating.

Question by:ccfcfc
    LVL 82

    Expert Comment

    by:Dave Baldwin
    Look for the Root Certificate Updates and see if that fixes your problem.

    Author Comment

    I am still struggling to find anything that fixes the issue. There seems to be a common theme with the SHA256 in the certs needed within Windows 2003. I fixed the issue by running Windows updates on the 2003 server but this tkes over 4 hours and there are many. My other issue being, this is a live server running apps and web sites and it woudl break other apps and be down for 4 hours.
    SO I am not ure what Root Certificate as part of the update is required. I woudl be grateful if you know what update is required.
    I found this link
    But when I download it and attempt to run it, it says " but is for a machine other than the current machine" so does not run .
    LVL 82

    Accepted Solution

    See if the info here helps any:

    Author Comment

    YEs I found that one and applied it made no difference. I even got the new RootCA Intermediate CA and imported into the Server Certificate MMC made no difference. I have been sent a knowledge base KB968730  

    Applied it , re-booted and it seemed to have fixed my problem. I am going to have to do some more testing on other server

    Author Comment

    Yes it seems to have solved the problem

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
    This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now