Yashy asked:

One PC gets a "there is a problem with this website's security certificate", other one gets a "page cannot be displayed"

Hi guys,

We have two Windows XP machines. There's Internet Explorer 8 on them both. They sit in our stores.

Both of them are going via the same firewall, and all rules are permitting them to go out to this external site. However, one of them gets the "there is a problem with this website's security certificate", which at least you can click on to continue and get to the required page. However, the other PC with the same configurations gets a "page cannot be displayed".

I've checked SSL settings and both have TLS 1.0 on and SSL 3.0 ticked.

Any ideas what it could be?

Thanks for helping
Yashy
Tags: Windows XP, Windows OS, SSL / HTTPS, Windows 7

Last comment: Brian Murphy, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Brian Murphy

SOLUTION
btan

ASKER
Yashy

Thanks for the response guys.

I'm looking and there doesn't even seem to be a certificate for me to be able to analyse. Having spoken to their tech department, you're apparently not supposed to see anything other than some text to prove you can get to the site.

This is the site: https://api.ereceipts.co.uk/_/version .

When I do this from my own I.E 11, it tries to download a .json file which when I open in Notepad is exactly some text. If I use Chrome on my machine, it doesn't download anything and displays the text as it should.

But either way, I'm not seeing any certificates. Are you able to access the link above to see whether it makes sense that some I.E 8 browsers are not displaying the content?
Brian Murphy

I can access the site using Chrome.  If you click on the HTTPS you can inspect the certificate.

Here it is

2016-03-08_9-07-39.png
Brian Murphy

2016-03-08_9-09-13.png
ASKER
Yashy

aaah! Okay great. Yes, I can see Cert in Chrome, but not in my I.E as it tries to download that text file rather than displaying it directly.

I can see that you've got a SHA2 certificate displayed, yes? If that was the case, would it mean that it is less likely to be an SSL issue?

Thanks for helping out.
Brian Murphy

Correct.  SHA256 or SHA2 is correct.  The certificate checks out.

Have you added this site to your "Trusted" zone?

Assuming you do trust the site.
btan

In fact, if you use an online tool to access and check the SSL cert, this site looks fine.
https://www.ssllabs.com/ssltest/analyze.html?d=api.ereceipts.co.uk&latest
And note that the site supports only TLS 1.0 and above, so if the browser cannot do that and does SSLv3 and below, it will not be able to access it.
Brian Murphy

It is odd that you would suddenly get this today with XP.  However, this is only going to get worse as websites transition to TLS security and decrement SSL.

What does your connection tab show in XP using Chrome browser for that Certificate?

2016-03-08_9-49-30.png



Do you have TLS 1.0, 1.1 checked on the Advanced Tab under Internet Tools, Options?
Brian Murphy

Do you have TLS 1.0 checked on the Advanced Tab under Internet Tools, Options?

This is for IE.

IE supports TLS 1.0 but you really need to migrate these machines off XP

https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=XP
ASKER
Yashy

Okay on Chrome on my machine only (running Windows 7), it shows the same certificate as your pictures did.

I definitely have TLS 1.0 checked on both machines. I followed the link you sent to me and can see that it is indeed trusted. I just don't get why one machine gets there and the other one doesn't. Could it even be that one version has some updates which permit it to get to the site?

(I want to migrate these, but they sit in our stores across different parts of the country which will take some time).
ASKER
Yashy

Either way, I'm going to get these off the estate guys. Apparently, I've just spoken to the department for this website and they confirmed that I.E 8 does indeed have a lot of issues.

I'll close this, but again this has helped me greatly with the knowledge I've gained. Cheers guys.
ASKER
Yashy

Just one thing: you know when you analysed the website via the link, how did you use the website to work out that things had to be TLS 1.0 and above? Was it in the section under 'Protocols' which tells you the different versions of TLS it supports?
Brian Murphy

Actually, I go into detail in my article for TLS/SSL operating system hardening best practice.
https://www.experts-exchange.com/articles/25021/Citrix-SSL-TLS-Vulnerabilities-and-Operating-System-Hardening.html

I wrote this for Citrix, Server 2008 R2, and workstations (Windows 7) but all the core principles are the same.

I think it would answer all your questions and if it does not I would be interested to know and might add that content.
Brian Murphy

Was it in the section under 'Protocols' which tells you the different version of TLS it supports?

Correct, Protocols.
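
Added example, not posted by anyone in this thread: the protocol-version point btan raises can be checked on a failing client by reading the first TLS record in each direction from a packet capture. The sketch below parses the ClientHello's highest offered version and any alert the server returns; the function names and the sample bytes are constructed for illustration, and the server minimum of TLS 1.0 is taken from the thread.

```python
import struct

# (major, minor) wire values of the protocol version field.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}
SERVER_MINIMUM = (3, 1)  # assumption from the thread: server accepts TLS 1.0 and above

def parse_record(data):
    """Return ("client_hello", (major, minor)), ("alert", code) or ("other", None)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _major, _minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    if ctype == 22 and length >= 6 and body[0] == 1:
        # Handshake header is type(1) + length(3); client_version follows it.
        return "client_hello", (body[4], body[5])
    if ctype == 21 and length == 2:
        return "alert", body[1]  # alert body is level, description
    return "other", None

def diagnose(client_bytes, server_bytes):
    """Explain a negotiation from the first record sent in each direction."""
    kind, offered = parse_record(client_bytes)
    if kind != "client_hello":
        return "first client record is not a ClientHello"
    name = VERSIONS.get(offered, "unknown version %d.%d" % offered)
    reply, code = parse_record(server_bytes)
    if reply == "alert":
        reason = ALERTS.get(code, "alert %d" % code)
        if offered < SERVER_MINIMUM:
            return "client offered at most %s, below server minimum; server sent %s" % (name, reason)
        return "client offered %s but server sent %s; look beyond protocol version" % (name, reason)
    return "client offered %s; server continued the handshake" % name

def build_client_hello(version):
    """Constructed sample: minimal ClientHello with one cipher suite (0x002F)."""
    hello = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + struct.pack("!I", len(hello))[1:] + hello
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

# Constructed samples, not captures from the machines in the thread.
SSL3_ONLY = build_client_hello((3, 0))
TLS10 = build_client_hello((3, 1))
FATAL_HANDSHAKE_FAILURE = b"\x15\x03\x00\x00\x02\x02\x28"
SERVER_HELLO_START = b"\x16\x03\x01\x00\x04\x02\x00\x00\x00"  # stub handshake record
```

If the failing machine's ClientHello already offers TLS 1.0 and the server still answers with an alert, the mismatch lies elsewhere in the handshake rather than in the protocol version.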