Solved

SSL site works on some PC's, but not others.

Posted on 2014-09-26
7
231 Views
Last Modified: 2014-10-04
Hi guys,

We have a load of store PC's still on Windows XP and running IE 8. All of these stores have the same PCs, specs and are all on our network range of 172.16.0.0/16. They all have the same applications, so it won't be another application taking up port 443. Also, our Watchguard firewall is set to permit all of these stores out to the same places. So whatever store 1 can access, store 2 can too.

The company we work with have made changes to their SSL certificates on their website recently and some PC's are able to access the actual IIS 7 page when accessing with HTTPS. And a load of other PC's are unable to reach the IIS 7 page.

My question is this: what on earth can I go back with to the guys who own the web servers? Can I ask them to make certain changes? Is there a binding issue somewhere?

Any diagnostics you can offer would be great.

Thanks guys
Yashy
0
Comment
Question by:Yashy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40345695
Look into getting the "Root Certificate Store" updates for your PCs.  Root Certificates are the ones on your PC that are used to 'validate' the ones on web sites.  While Windows 7 and above may automatically update them, Windows XP never did, they were always optional.

http://support2.microsoft.com/kb/931125
0
 
LVL 1

Author Comment

by:Yashy
ID: 40345799
Hi Dave,

Thanks for responding. I went ahead and downloaded the hotfix and applied the 'Fix'. However, the website still doesn't publish sadly. I installed the fix and restarted the machine.

This is the test site I'm trying to get to https://ssl-test-2.tcppublishing.com
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40346787
I don't have any trouble getting to that site but all it is is a basic IIS7 logo page.  It works the same in Firefox, Chrome, IE8, and Opera on this computer.

Are you getting any error messages?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 1

Author Comment

by:Yashy
ID: 40346976
I know, it works from my PC at home and it does to from some of the PC's around our stores.

But from the non working PC's if I type the address above with just HTTP it works. If I type it with HTTPS then i get a 'page can't be displayed'. The firewall shows no logs of denials either.

And this all began when the 3rd party made changes to the webserver certificates. So I'm at a loss here. Sadly these stores don't have Firefox installed as they are locked down, so it's basically IE 8 for now!
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40347149
Can those computers to go any 'https' site?  Try going to https://www.comodo.com/ in IE8 since they are the ones that are issuing the certificate.  

Also make sure that TLS 1.0 is checked in the Advanced options in Internet Options.  In the Content Tab, click on Certificates to view the ones that are installed.  Under Intermediate Certificate Authorities, you should see 3 listings for COMODO.
0
 
LVL 1

Expert Comment

by:ExpertNotReally
ID: 40347950
Verify you have the Root Certificate of the issuing authority for that site in your trusted certificate store.  Also you may have to add the site itself to the Trusted Sites Security Zone.
0
 
LVL 1

Author Comment

by:Yashy
ID: 40361447
the reason was because SP2 was installed for XP (I know..don't even get me started!) instead of SP3. So the encryption it uses to recognise the algorithm to recognise the certificate was not available for SP2. All sorted now using SP3:)

Thanks guys
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question