Graham Hirst
asked on
Invalid Certificates - All sites
Hi Experts,
Hoping you can help with this as it is becoming more frequent. We're starting to get both desktops and servers, where, whatever https site they land on, it will say the certificate is invalid. All clients are above windows 2008 r2/windows 10 that are being affected by this.
On the current machine, a windows 2008 R2 x64 Server, even weirder, when i check the certificate path of google, i can see all certificates are listed as ok; Yet, still it says "This certificate cannot be verified up to a trusted certificate authority"
As far as i know, post vista, all machines now contact windows update for their certificates and update on a daily basis? Does this change when WSUS is in use?
If not, what could be causing this behavior? The time is correct on all servers and clients, and they are patched up to date?
Hoping you can help with this as it is becoming more frequent. We're starting to get both desktops and servers, where, whatever https site they land on, it will say the certificate is invalid. All clients are above windows 2008 r2/windows 10 that are being affected by this.
On the current machine, a windows 2008 R2 x64 Server, even weirder, when i check the certificate path of google, i can see all certificates are listed as ok; Yet, still it says "This certificate cannot be verified up to a trusted certificate authority"
As far as i know, post vista, all machines now contact windows update for their certificates and update on a daily basis? Does this change when WSUS is in use?
If not, what could be causing this behavior? The time is correct on all servers and clients, and they are patched up to date?
I had this once and wasn't able to solve it. I had to resort to my image backup. Any https-Site in the world it seemed would be seen as having an invalid certificate. It was Win10 as well. But it was just one machine and all other win10ers (all configured the same) were alright. You could try the inplace upgrade to repair it.
ASKER
I've got around it before by manually installing the certificates, but this seems to be happening more often so i'm concerned something is being missed with regards to how the machines update their root certificates
Certificate upgrades are distributed via Windows update, that's correct. If there are no updates for your machine, something is wrong. It would be troublesome to find out, that's why I recommended: You could try the inplace upgrade to repair it.
ASKER
Unfortunately this happens to a variety of clients and builds. As such, i need to find the cause. Else it will keep happening
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Unfortunately couldn't find the root cause, but was able to fix by work around