Solved

NET::ERR_CERT_REVOKE response, but only from two PCs

Posted on 2016-07-29
Last Modified: 2016-09-01
I have a Synology NAS that is secured using a Go Daddy SSL. It has been working fine for months and the certificate doesn't expire until 2019.

The Problem:
I have one user who receives the NET::ERR_CERT_REVOKE Revoked Certificate response trying to access the site from either Chrome or Edge browsers. He can access the site only from IE if I disable the 'Server Revocation Check'. He has two laptops and it is happening on both.

Here's the kicker:
All other users can access the site without error from any computers and mobile devices. I have tested this from multiple computers located all over the world and it always works as it should.

What I've done so far:
I verified the validity of the cert on both GoDaddy's site and the NAS.
I ran Full Scans of his computer using both AVG and Malwarebytes and they came back clean.
I tried uninstalling Chrome and re-installing.
I tried updating the CRLSet Component of Chrome.
I tried manually importing the certificate and private key to his Private Store on the computer.
I tried looking at blogs on this topic, but most don't really apply to this specific scenario.

Two Possibly Unrelated Observations
This first happened after both computers were at his home and I wonder if his home network might be involved, though I don't see how exactly.
He is the only domain user who claims that Outlook periodically prompts him for a password for his Exchange account. This also seems to be happening while at home. I have never been able to reproduce this issue. Whenever I remote-in to his computer and bounce Outlook it connects without issue.

Any suggestions would be appreciated.

Thanks in advance,
Brian
0
Question by:BMaenpaa
10 Comments
 
LVL 41

Expert Comment

by:Jackie Man
Timezone difference?
0
 
LVL 57

Expert Comment

by:giltjr
Are the computers that are having the problems running the most recent versions of Firefox and Chrome? Are they fully patched using Windows Update?

Since the cert is supposed to be valid until 2019 I would not expect a timezone difference to cause this problem, maybe the time. Like the computers have had their years changed to 2019 or 2020.

The other possibility is the signing certs could have issues. Get a list of all the certs in the signing chain and then look at the local CA store on the computers having problems. It's possible that they have old versions of the signing certs that have expired.

IE uses the Windows CA store, Firefox and Chrome use their own CA stores.
0
 

Author Comment

by:BMaenpaa
Thanks for the quick response.
Time and zone are correct.
I reset Chrome and Internet Settings to defaults.
During my testing, I was able to login to a new Windows Profile on the user's machine and connect to the site without issue, so I assume it is a problem with that user's certificate store. I opened the MMC for his account certificates and deleted the existing site cert but not the intermediate or Third-Party Root certs for GoDaddy. This doesn't seem to have helped.
Strangely, I can access the OWA site at the same location that is also employing a GoDaddy cert without issue.
Any other suggestions?
Thanks,
0
 
LVL 57

Expert Comment

by:giltjr
Ah, just re-read your original post and the answer is there.  

"He can access the site only from IE if I disable the 'Server Revocation Check'."

Server Revocation Check is when client software, the browser in this case, checks to verify that a certificate has not been revoked by getting a CRL. A revoked certificate is one that looks like it should still be valid, but for some reason has been revoked. Normally because a private key has been stolen or compromised in some other way.

Here is a description of this process, which all browsers do.  IE allows you to disable this function, not sure if other browsers allow this.

https://blogs.msdn.microsoft.com/ieinternals/2011/04/07/understanding-certificate-revocation-checks/
0
 

Author Comment

by:BMaenpaa
Thanks giltjr,
That is an interesting article, but I don't see how it helps me to correct this issue.
There is actually no problem with the cert and the site is available from everywhere except from this computer while logged into this specific profile.
Could this be a product of his home network not allowing access to the Certificate Issuer in a timely manner? But then it works logged in as another user on the machine.
This feels like an infection of some kind, but the scans came up with nothing...
Thanks again.
0
LVL 57

Expert Comment

by:giltjr
If the CRL really has the certificate as being revoked, then there is nothing you can do about it other than figure out why.

However, I would suggest running a packet trace from his computer (I use Wireshark) to see what is going on.

I'm not sure what happens when you request a CRL and it does not return, or does not return fast enough.

Here are instructions to enable Certificate Revocation in Chrome. You can use them to verify the status of CR check in his Chrome (and yours):

https://scotthelme.co.uk/certificate-revocation-google-chrome/

You may want to see if your browser of choice is set up to check for certificates being revoked or not.
0
 

Author Comment

by:BMaenpaa
Thanks again giltjr,

Clearly there is great value to enabling Revocation Detection, and my intent in disabling it was only for testing purposes. Just trying to figure out why this is only happening to one person on two computers that otherwise permit access under different profiles and how to return access.
I'm sure I could correct this by assigning a new computer from inventory, but I want to understand why.
Thanks again for your help. I will leave this thread open for a while in case I discover something worth sharing.
0
 
LVL 57

Expert Comment

by:giltjr
Um, interesting. If he is getting that error with Chrome, then it is possible he has an old version. Doing some more research, Google at some point (about 2 years ago) decided to not only make CR disabled by default, they don't even let you enable it through the GUI. It is a registry hack now.

I know at one time the default for IE was to check so I am assuming that MS made that the default for Edge.  Firefox seems to make checking the default.
0
 

Accepted Solution

by:
BMaenpaa earned 0 total points
The only solution was actually a workaround. Though removing Chrome and all instances of Chrome folder didn't work, I found deleting the entire profile from the machine and re-creating solved the issue.
I think this may have been some type of infection/exploit that the scanners couldn't identify.
0
 

Author Closing Comment

by:BMaenpaa
Comment Utility
Thanks to giltjr for your time.
0
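
The thread narrows the fault to one Windows profile on machines where other profiles work. The following PowerShell is an added example, not something posted by the thread's participants: it builds the site's chain with online revocation checking and lists where each chain certificate sits in the per-user and machine stores, so the output from the affected profile can be compared with a working one. `$SiteCertPath` is a hypothetical path to the site certificate exported as a `.cer` file (public part only).

```powershell
# Added example. Run once as the affected user and once as a working user,
# then compare the two outputs.
param([string]$SiteCertPath = 'C:\Temp\site.cer')   # hypothetical path

$leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $SiteCertPath

# Build the chain and ask Windows to fetch revocation data (CRL/OCSP)
# for every certificate in it, not just the leaf.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
[void]$chain.Build($leaf)

# Per-element status shows which certificate, if any, is flagged
# (Revoked, RevocationStatusUnknown, ExplicitDistrust, NotTimeValid, ...).
$chain.ChainElements | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Certificate.Subject
        Thumbprint = $_.Certificate.Thumbprint
        NotAfter   = $_.Certificate.NotAfter
        Status     = ($_.ChainElementStatus.Status -join ',')
    }
} | Format-List

# Look for the chain's certificates in per-user and machine stores.
# A copy that exists only under CurrentUser is profile-specific state.
$thumbs = $chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint }
$stores = 'Cert:\CurrentUser\Disallowed', 'Cert:\LocalMachine\Disallowed',
          'Cert:\CurrentUser\CA',         'Cert:\LocalMachine\CA',
          'Cert:\CurrentUser\Root',       'Cert:\LocalMachine\Root'
foreach ($store in $stores) {
    Get-ChildItem $store -ErrorAction SilentlyContinue |
        Where-Object { $thumbs -contains $_.Thumbprint } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
}

# List CRLs held in the current user's URL cache; stale or unexpected
# entries here are also per-profile.
certutil -urlcache crl
```

Differences between the two runs (a chain element with a different status, or a certificate present only in a `CurrentUser` store) point at the profile-level state that a profile rebuild discards.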