• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1088
  • Last Modified:

IE9 Windows 7 - "There is a problem with this website's security certificate"

So on a fresh image I'm working with, I've basically installed Windows 7 Enterprise with SP1 bare from the ISO.
So I've got IE9 up.

On a few different websites, I get the "There is a problem with this website's security certificate".

However, I don't get that message on any other computer I try to access the same websites from, whether another work computer, or my home computer.

Are there any particular Windows or IE9 updates I may need to install?

I deployed this image through SCCM 2012 but nothing special was done during the task sequence, so I'm really not sure.

The Date/Time on the system is fine
0
garryshape
Asked:
garryshape
2 Solutions
 
becraigCommented:
You can probably check for specific updates or just run windows updates.

x86      Update for Root Certificates for Windows XP [November 2013] (KB931125)
x64      Update for Root Certificates for Windows XP x64 Edition [November 2013] (KB931125)
x86      Update for Root Certificates for Windows Vista [November 2013] (KB931125)
x64      Update for Root Certificates for Windows Vista for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 7 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 7 for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 8 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 8 for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 8.1 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 8.1 for x64-based Systems [November 2013] (KB931125)
0
 
GaryCommented:
Check the date/time is correct
0
 
Seth SimmonsSr. Systems AdministratorCommented:
either the certificate is expired, doesn't match the name of the site, or was not issued by a trusted certificate authority (godaddy, thawte, verisign, etc.)
either the trusted certs are not present in the local store (trusted root certificate authority) or there is a newer version/installed update of the browser which is designed to display that message for security reasons
firefox and chrome have the same behavior to help against phishing sites
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
garryshapeAuthor Commented:
I don't see any updates installed with "certficiate" in their name on the problematic computer.
However, I don't show any on my computer, right, but the website shows up fine.

The problematic computer appears to be in compliance with all the MS Bulletin updates available from SCCM updates.
0
 
becraigCommented:
My suggestion was based on the fact the OP indicated that the date and time were correct and no updates were applied as yet.

He also indicated the site certificate works at other computers, so my assumption here would be a windows update that would either update root or CA certs has not yet been applied, since windows would bundle these updates from various vendors and release them for install as update KBs.

I would think once updates are applied this should resolve his issue.
0
 
becraigCommented:
An easy suggestion would be this:

Click on the padlock and view the certificate for the site.
Click on the details tab and see the certificate chain.
You can open your certificate mmc and compare whether or not the CA and root in the certificate you are getting the popup for are in your local certificate store.

That is the only potential issues besides date and time (which you indicate are correct).
0
 
garryshapeAuthor Commented:
Yeah there's only like 21 Trusted Root CAs on the problematic computer.

Would the certificate updates for Windows 7 / IE9 not be a "Security Bulletin" with a Bulletin ID? Would they be something else?
Because I'm using SCCM 2012 for software updates so the computer can only install those updates from the server which have been filtered, downloaded and packaged on the server according to certain criteria.
0
 
becraigCommented:
Certificate updates would be for the OS, but I am not sure what might be wrong in your instance.

You could simply export the Root and CA stores as SST and install on the problematic computer to resolve this.
0
 
garryshapeAuthor Commented:
I'm going to try the update KB2718704
0
 
garryshapeAuthor Commented:
Nope, that KB2718704 update wasn't it. Not sure what others to try. I'd hate do just install hundreds of updates because I won't fixed it if it works.
0
 
becraigCommented:
You can simply copy the trusted certs from a working computer

Step1 Root (on the working computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand trusted root - click on certificates - select all the certificates in the right pane and right click and export you can select sst format here - enter a filename etc.

Step 2 CA (on the working computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand Intermediate Certification Authorities - click on certificates - select all the certificates in the right pane and right click and export you can select sst format here


Once you have completed the above steps go to the non working computer (ensure you have access to the files you created above)

Step1 Root (on the problematic computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand trusted root - right click on certificates - click import - point to the sst you created and complete the wizard.

Step 2 CA (on the problematic computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand Intermediate Certification Authorities - right click on certificates - click import - point to the sst you created and complete the wizard.


This should resolve it for you, I do have one concern (Why are you against installing the windows updates across the board) ?
0
 
garryshapeAuthor Commented:
I can't do local Windows Updates, because they care configured to be downloaded from SCCM (Configuration Manager) while the computer's on the domain.

I can't try any of those things right now because the system is doing a huge number of security updates.
0
 
becraigCommented:
It may be possible this will be resolved with one of the security updates, as certificate updates generally fall in the security domain.
0
 
garryshapeAuthor Commented:
Why would Intermediate and Root certificates be missing though if updates aren't addressing it?
This isn't some messed up image I captured of Windows 7; it's the applied base install.wim file from the ISO with updates installed post-deployment.

Even if I export/import certificates from a working computer and that fixes it, is that an efficient step for the process of deploying hundreds of computers?
0
 
becraigCommented:
These are always a  part of security updates from windows, since you are filtering on what you want to install and what you don't want to, I cannot tell you which you will miss.

E.g. If Verisign adds a new Intermediate CA or Root in 2014 and you have a 2013 Windows image with an SP released in 2013, you would not expect the updated certificate to be there would you ?

As such these type of OS changes are pushed out in updates, I cannot say which one (or ones) would be the right one for you in this instance.

Once your computer is up to date with required updates this issue should go away.
0
 
garryshapeAuthor Commented:
Thank you very much for that fix/help.
Now I just need to figure out why the system didn't have those installed in the first place, given it was fully updated through SCCM, as well as via local checking directly to MS (I did so manually), and on the domain for hours.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now