SSL site works on some PC's, but not others.

Hi guys,

We have a load of store PC's still on Windows XP and running IE 8. All of these stores have the same PCs, specs and are all on our network range of 172.16.0.0/16. They all have the same applications, so it won't be another application taking up port 443. Also, our Watchguard firewall is set to permit all of these stores out to the same places. So whatever store 1 can access, store 2 can too.

The company we work with have made changes to their SSL certificates on their website recently and some PC's are able to access the actual IIS 7 page when accessing with HTTPS. And a load of other PC's are unable to reach the IIS 7 page.

My question is this: what on earth can I go back with to the guys who own the web servers? Can I ask them to make certain changes? Is there a binding issue somewhere?

Any diagnostics you can offer would be great.

Thanks guys
Yashy
LVL 1
YashyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
Look into getting the "Root Certificate Store" updates for your PCs.  Root Certificates are the ones on your PC that are used to 'validate' the ones on web sites.  While Windows 7 and above may automatically update them, Windows XP never did, they were always optional.

http://support2.microsoft.com/kb/931125
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
YashyAuthor Commented:
Hi Dave,

Thanks for responding. I went ahead and downloaded the hotfix and applied the 'Fix'. However, the website still doesn't publish sadly. I installed the fix and restarted the machine.

This is the test site I'm trying to get to https://ssl-test-2.tcppublishing.com
0
Dave BaldwinFixer of ProblemsCommented:
I don't have any trouble getting to that site but all it is is a basic IIS7 logo page.  It works the same in Firefox, Chrome, IE8, and Opera on this computer.

Are you getting any error messages?
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

YashyAuthor Commented:
I know, it works from my PC at home and it does to from some of the PC's around our stores.

But from the non working PC's if I type the address above with just HTTP it works. If I type it with HTTPS then i get a 'page can't be displayed'. The firewall shows no logs of denials either.

And this all began when the 3rd party made changes to the webserver certificates. So I'm at a loss here. Sadly these stores don't have Firefox installed as they are locked down, so it's basically IE 8 for now!
0
Dave BaldwinFixer of ProblemsCommented:
Can those computers to go any 'https' site?  Try going to https://www.comodo.com/ in IE8 since they are the ones that are issuing the certificate.  

Also make sure that TLS 1.0 is checked in the Advanced options in Internet Options.  In the Content Tab, click on Certificates to view the ones that are installed.  Under Intermediate Certificate Authorities, you should see 3 listings for COMODO.
0
ExpertNotReallyCommented:
Verify you have the Root Certificate of the issuing authority for that site in your trusted certificate store.  Also you may have to add the site itself to the Trusted Sites Security Zone.
0
YashyAuthor Commented:
the reason was because SP2 was installed for XP (I know..don't even get me started!) instead of SP3. So the encryption it uses to recognise the algorithm to recognise the certificate was not available for SP2. All sorted now using SP3:)

Thanks guys
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.