Solved

IE9 Windows 7 - "There is a problem with this website's security certificate"

Posted on 2014-09-23
Last Modified: 2014-09-23
So on a fresh image I'm working with, I've basically installed Windows 7 Enterprise with SP1 bare from the ISO.
So I've got IE9 up.

On a few different websites, I get the "There is a problem with this website's security certificate".

However, I don't get that message on any other computer I try to access the same websites from, whether another work computer, or my home computer.

Are there any particular Windows or IE9 updates I may need to install?

I deployed this image through SCCM 2012 but nothing special was done during the task sequence, so I'm really not sure.

The Date/Time on the system is fine
0
Question by:garryshape
16 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40339675
You can probably check for specific updates or just run Windows updates.

x86      Update for Root Certificates for Windows XP [November 2013] (KB931125)
x64      Update for Root Certificates for Windows XP x64 Edition [November 2013] (KB931125)
x86      Update for Root Certificates for Windows Vista [November 2013] (KB931125)
x64      Update for Root Certificates for Windows Vista for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 7 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 7 for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 8 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 8 for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 8.1 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 8.1 for x64-based Systems [November 2013] (KB931125)
0
 
LVL 58

Expert Comment

by:Gary
ID: 40339679
Check the date/time is correct
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40339691
Either the certificate is expired, doesn't match the name of the site, or was not issued by a trusted certificate authority (GoDaddy, Thawte, VeriSign, etc.).
Either the trusted certs are not present in the local store (trusted root certificate authority) or there is a newer version/installed update of the browser which is designed to display that message for security reasons.
Firefox and Chrome have the same behavior to help against phishing sites.
0

 

Author Comment

by:garryshape
ID: 40339716
I don't see any updates installed with "certificate" in their name on the problematic computer.
However, I don't show any on my computer, right, but the website shows up fine.

The problematic computer appears to be in compliance with all the MS Bulletin updates available from SCCM updates.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40339718
My suggestion was based on the fact that the OP indicated that the date and time were correct and no updates were applied as yet.

He also indicated the site certificate works at other computers, so my assumption here would be that a Windows update that would either update root or CA certs has not yet been applied, since Windows would bundle these updates from various vendors and release them for install as update KBs.

I would think once updates are applied this should resolve his issue.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40339723
An easy suggestion would be this:

Click on the padlock and view the certificate for the site.
Click on the details tab and see the certificate chain.
You can open your certificate mmc and compare whether or not the CA and root in the certificate you are getting the popup for are in your local certificate store.

Those are the only potential issues besides date and time (which you indicate are correct).
0
 

Author Comment

by:garryshape
ID: 40339779
Yeah there's only like 21 Trusted Root CAs on the problematic computer.

Would the certificate updates for Windows 7 / IE9 not be a "Security Bulletin" with a Bulletin ID? Would they be something else?
Because I'm using SCCM 2012 for software updates so the computer can only install those updates from the server which have been filtered, downloaded and packaged on the server according to certain criteria.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40339789
Certificate updates would be for the OS, but I am not sure what might be wrong in your instance.

You could simply export the Root and CA stores as SST and install on the problematic computer to resolve this.
0
 

Author Comment

by:garryshape
ID: 40339813
I'm going to try the update KB2718704
0
 

Author Comment

by:garryshape
ID: 40339883
Nope, that KB2718704 update wasn't it. Not sure what others to try. I'd hate to just install hundreds of updates because I won't know what fixed it if it works.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40339970
You can simply copy the trusted certs from a working computer.

Step 1 Root (on the working computer)
winkey + r - mmc.exe - add/remove snap-in - certificates - computer account - local computer - expand trusted root - click on certificates - select all the certificates in the right pane, right click and export (you can select SST format here) - enter a filename etc.

Step 2 CA (on the working computer)
winkey + r - mmc.exe - add/remove snap-in - certificates - computer account - local computer - expand Intermediate Certification Authorities - click on certificates - select all the certificates in the right pane, right click and export (you can select SST format here)


Once you have completed the above steps, go to the non-working computer (ensure you have access to the files you created above).

Step 1 Root (on the problematic computer)
winkey + r - mmc.exe - add/remove snap-in - certificates - computer account - local computer - expand trusted root - right click on certificates - click import - point to the SST you created and complete the wizard.

Step 2 CA (on the problematic computer)
winkey + r - mmc.exe - add/remove snap-in - certificates - computer account - local computer - expand Intermediate Certification Authorities - right click on certificates - click import - point to the SST you created and complete the wizard.


This should resolve it for you. I do have one concern: why are you against installing the Windows updates across the board?
0
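The export/import steps in the post above can also be scripted; the following is an added example, not code from the thread. The parameter names and the SST path are assumptions. It lists the certificates the problematic computer lacks so they can be reviewed before anything is added to a trust store, and it skips expired ones on import.

```powershell
# Added example, not from the thread. Run elevated; uses only .NET classes, so it
# also works on the PowerShell 2.0 that ships with Windows 7.
param(
    [Parameter(Mandatory=$true)][ValidateSet('Export','Compare','Import')]
    [string]$Mode,
    [Parameter(Mandatory=$true)]
    [string]$SstPath,             # full path to the SST file (assumed location)
    [ValidateSet('Root','CA')]
    [string]$StoreName = 'Root'   # 'CA' = Intermediate Certification Authorities
)

$location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$flags    = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly
if ($Mode -eq 'Import') {
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite
}
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $location
$store.Open($flags)
try {
    if ($Mode -eq 'Export') {
        # Working computer: write the whole store as a serialized store (SST).
        $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::SerializedStore
        [System.IO.File]::WriteAllBytes($SstPath, $store.Certificates.Export($type))
        "Exported $($store.Certificates.Count) certificates from $StoreName"
        return
    }
    # Problematic computer: load the reference SST and diff by thumbprint.
    $reference = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $reference.Import($SstPath)
    $present = @{}
    foreach ($cert in $store.Certificates) { $present[$cert.Thumbprint] = $true }
    $missing = @($reference | Where-Object { -not $present.ContainsKey($_.Thumbprint) })
    $missing | Sort-Object Subject | Select-Object Subject, Thumbprint, NotAfter
    if ($Mode -eq 'Import') {
        foreach ($cert in $missing) {
            # Do not extend trust to certificates that have already expired.
            if ($cert.NotAfter -lt (Get-Date)) { "Skipped expired: $($cert.Subject)"; continue }
            $store.Add($cert)
        }
    }
}
finally {
    $store.Close()
}
```

Run it with `-Mode Export` on the working computer, then `-Mode Compare` on the problematic one and review the list before running `-Mode Import`. Repeat with `-StoreName CA` for the intermediate store.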
 

Author Comment

by:garryshape
ID: 40340223
I can't do local Windows Updates, because they are configured to be downloaded from SCCM (Configuration Manager) while the computer's on the domain.

I can't try any of those things right now because the system is doing a huge number of security updates.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40340228
It may be possible this will be resolved with one of the security updates, as certificate updates generally fall in the security domain.
0
 

Author Comment

by:garryshape
ID: 40340236
Why would Intermediate and Root certificates be missing though if updates aren't addressing it?
This isn't some messed up image I captured of Windows 7; it's the applied base install.wim file from the ISO with updates installed post-deployment.

Even if I export/import certificates from a working computer and that fixes it, is that an efficient step for the process of deploying hundreds of computers?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40340249
These are always a part of security updates from Windows. Since you are filtering on what you want to install and what you don't want to, I cannot tell you which you will miss.

E.g. if Verisign adds a new Intermediate CA or Root in 2014 and you have a 2013 Windows image with an SP released in 2013, you would not expect the updated certificate to be there, would you?

As such, these types of OS changes are pushed out in updates; I cannot say which one (or ones) would be the right one for you in this instance.

Once your computer is up to date with required updates this issue should go away.
0
 

Author Closing Comment

by:garryshape
ID: 40340510
Thank you very much for that fix/help.
Now I just need to figure out why the system didn't have those installed in the first place, given it was fully updated through SCCM, as well as via local checking directly to MS (I did so manually), and on the domain for hours.
0


Question has a verified solution.
