We help IT Professionals succeed at work.

One PC gets a "there is a problem with this website's security certificate", other one gets a "page cannot be displayed"

424 Views
Last Modified: 2016-03-08
Hi guys,

We have two Windows XP machines. There's Internet Explorer 8 on them both. They sit in our stores.

Both of them are going via the same firewall, and all rules are permitting them to go out to this external site. However, one of them gets the "there is a problem with this website's security certificate", which at least you can click onto continue and get to the require page. However, the other PC with the same configurations gets a "page cannot be displayed".

I've checked SSL settings and both have TL1.0 on and SSL3.0 ticked.

Any ideas what it could be?

Thanks for helping
Yashy
Comment
Watch Question

Senior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for the response guys.

I'm looking and there doesn't even seem to be a certificate for me to be able to analyse. Having spoken to their tech department, you're apparently not supposed to see anything other than some text to prove you can get to the site.

This is the site: https://api.ereceipts.co.uk/_/version .

When I do this from my own I.E 11, it tries to download a .json file which when I open in Notepad is exactly some text. If I use Chrome on my machine, it doesn't download anything and displays the text as it should.

But either way, I'm not seeing any ceritificates. Are you able to access the link above to see whether it makes sense that some I.E 8 browsers are not displaying the content?
Brian MurphySenior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I can access the site using Chrome.  If you click on the HTTPS you can inspect the certificate.

Here it is

2016-03-08_9-07-39.png
Brian MurphySenior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
2016-03-08_9-09-13.png

Author

Commented:
aaah! Okay great. Yes, I can see Cert in Chrome, but not in my I.E as it tries to download that text file rather than displaying it directly.

I can see that you've got a SHA2 certificate displayed, yes? If that was the case, would it mean that it is less likely to be an SSL issue?

Thanks for helping out.
Brian MurphySenior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Correct.  SHA256 or SHA2 is correct.  The certificate checks out.

Have you added this site to your "Trusted" zone?

Assuming you do trust the site.
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
In fact, if you even use online to access and check the ssl cert from this site looks fine.
https://www.ssllabs.com/ssltest/analyze.html?d=api.ereceipts.co.uk&latest
And note the the site supports only TLS1.0 and above so if browser cannot do that and does sslv3 and below it will not be able to access.
Brian MurphySenior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
It is odd that you would suddenly get this today with XP.  However, this is only going to get worse as websites transition to TLS security and decrement SSL.

What does your connection tab show in XP using Chrome browser for that Certificate?

2016-03-08_9-49-30.png



Do you have TLS 1.0, 1.1 checked on the Advanced Tab under Internet Tools, Options?
Brian MurphySenior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Do you have TLS 1.0 checked on the Advanced Tab under Internet Tools, Options?

This is for IE.

IE supports TLS 1.0 but you really need to migrate these machines off XP

https://www.ssllabs.com/ssltest/viewClient.html?name=IE&version=8&platform=XP

Author

Commented:
Okay on Chrome on my machine only (running Windows 7), it shows the same certificate as your pictures did.

I definitely have TLS 1.0 checked on both machines. I followed the link you sent to me and can see that it is indeed trusted. I just don't get why one machine gets there and the other one doesn't. Could it even be that one version has some updates which permit it to get to the site?

(I want to migrate these, but they sit in our stores across different parts of the country which will take some time).

Author

Commented:
Either way, I'm going to get these off the estate guys. Apparently, I've just spoken to the department for this website and they confirmed that I.E 8 does indeed have a lot of issues.

I'll close this, but again this has helped me greatly with the knowledge I've gained. Cheers guys.

Author

Commented:
Just one thing, you know when you analysed the website via the link, how did you use the website to workout that things had to be TLS 1.0 and above. Was it in the section under 'Protocols' which tells you the different version of TLS it supports?
Brian MurphySenior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Actually, I go in to detail in my article for TLS/SSL operating system hardening best practice.
https://www.experts-exchange.com/articles/25021/Citrix-SSL-TLS-Vulnerabilities-and-Operating-System-Hardening.html

I wrote this for Citrix, Server 2008 R2, and workstations (Windows 7) but all the core principles the same.

I think it would answer all your questions and if it does not I would be interested to know and might add that content.
Brian MurphySenior Information Technology Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Was it in the section under 'Protocols' which tells you the different version of TLS it supports?

Correct, Protocols.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.