?
Solved

IE9 Windows 7  - "There is a problem with this website's security certificate"

Posted on 2014-09-23
16
Medium Priority
?
1,055 Views
Last Modified: 2014-09-23
So on a fresh image I'm working with, I've basically installed Windows 7 Enterprise with SP1 bare from the ISO.
So I've got IE9 up.

On a few different websites, I get the "There is a problem with this website's security certificate".

However, I don't get that message on any other computer I try to access the same websites from, whether another work computer, or my home computer.

Are there any particular Windows or IE9 updates I may need to install?

I deployed this image through SCCM 2012 but nothing special was done during the task sequence, so I'm really not sure.

The Date/Time on the system is fine
0
Comment
Question by:garryshape
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
16 Comments
 
LVL 29

Accepted Solution

by:
becraig earned 2000 total points
ID: 40339675
You can probably check for specific updates or just run windows updates.

x86      Update for Root Certificates for Windows XP [November 2013] (KB931125)
x64      Update for Root Certificates for Windows XP x64 Edition [November 2013] (KB931125)
x86      Update for Root Certificates for Windows Vista [November 2013] (KB931125)
x64      Update for Root Certificates for Windows Vista for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 7 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 7 for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 8 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 8 for x64-based Systems [November 2013] (KB931125)
x86      Update for Root Certificates for Windows 8.1 [November 2013] (KB931125)
x64      Update for Root Certificates for Windows 8.1 for x64-based Systems [November 2013] (KB931125)
0
 
LVL 58

Expert Comment

by:Gary
ID: 40339679
Check the date/time is correct
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40339691
either the certificate is expired, doesn't match the name of the site, or was not issued by a trusted certificate authority (godaddy, thawte, verisign, etc.)
either the trusted certs are not present in the local store (trusted root certificate authority) or there is a newer version/installed update of the browser which is designed to display that message for security reasons
firefox and chrome have the same behavior to help against phishing sites
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:garryshape
ID: 40339716
I don't see any updates installed with "certficiate" in their name on the problematic computer.
However, I don't show any on my computer, right, but the website shows up fine.

The problematic computer appears to be in compliance with all the MS Bulletin updates available from SCCM updates.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40339718
My suggestion was based on the fact the OP indicated that the date and time were correct and no updates were applied as yet.

He also indicated the site certificate works at other computers, so my assumption here would be a windows update that would either update root or CA certs has not yet been applied, since windows would bundle these updates from various vendors and release them for install as update KBs.

I would think once updates are applied this should resolve his issue.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40339723
An easy suggestion would be this:

Click on the padlock and view the certificate for the site.
Click on the details tab and see the certificate chain.
You can open your certificate mmc and compare whether or not the CA and root in the certificate you are getting the popup for are in your local certificate store.

That is the only potential issues besides date and time (which you indicate are correct).
0
 

Author Comment

by:garryshape
ID: 40339779
Yeah there's only like 21 Trusted Root CAs on the problematic computer.

Would the certificate updates for Windows 7 / IE9 not be a "Security Bulletin" with a Bulletin ID? Would they be something else?
Because I'm using SCCM 2012 for software updates so the computer can only install those updates from the server which have been filtered, downloaded and packaged on the server according to certain criteria.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40339789
Certificate updates would be for the OS, but I am not sure what might be wrong in your instance.

You could simply export the Root and CA stores as SST and install on the problematic computer to resolve this.
0
 

Author Comment

by:garryshape
ID: 40339813
I'm going to try the update KB2718704
0
 

Author Comment

by:garryshape
ID: 40339883
Nope, that KB2718704 update wasn't it. Not sure what others to try. I'd hate do just install hundreds of updates because I won't fixed it if it works.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40339970
You can simply copy the trusted certs from a working computer

Step1 Root (on the working computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand trusted root - click on certificates - select all the certificates in the right pane and right click and export you can select sst format here - enter a filename etc.

Step 2 CA (on the working computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand Intermediate Certification Authorities - click on certificates - select all the certificates in the right pane and right click and export you can select sst format here


Once you have completed the above steps go to the non working computer (ensure you have access to the files you created above)

Step1 Root (on the problematic computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand trusted root - right click on certificates - click import - point to the sst you created and complete the wizard.

Step 2 CA (on the problematic computer)
winkey + r - mmc.exe - add remove snapin - certificates - computer account - local computer - expand Intermediate Certification Authorities - right click on certificates - click import - point to the sst you created and complete the wizard.


This should resolve it for you, I do have one concern (Why are you against installing the windows updates across the board) ?
0
 

Author Comment

by:garryshape
ID: 40340223
I can't do local Windows Updates, because they care configured to be downloaded from SCCM (Configuration Manager) while the computer's on the domain.

I can't try any of those things right now because the system is doing a huge number of security updates.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40340228
It may be possible this will be resolved with one of the security updates, as certificate updates generally fall in the security domain.
0
 

Author Comment

by:garryshape
ID: 40340236
Why would Intermediate and Root certificates be missing though if updates aren't addressing it?
This isn't some messed up image I captured of Windows 7; it's the applied base install.wim file from the ISO with updates installed post-deployment.

Even if I export/import certificates from a working computer and that fixes it, is that an efficient step for the process of deploying hundreds of computers?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40340249
These are always a  part of security updates from windows, since you are filtering on what you want to install and what you don't want to, I cannot tell you which you will miss.

E.g. If Verisign adds a new Intermediate CA or Root in 2014 and you have a 2013 Windows image with an SP released in 2013, you would not expect the updated certificate to be there would you ?

As such these type of OS changes are pushed out in updates, I cannot say which one (or ones) would be the right one for you in this instance.

Once your computer is up to date with required updates this issue should go away.
0
 

Author Closing Comment

by:garryshape
ID: 40340510
Thank you very much for that fix/help.
Now I just need to figure out why the system didn't have those installed in the first place, given it was fully updated through SCCM, as well as via local checking directly to MS (I did so manually), and on the domain for hours.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month10 days, 2 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question