Over 1 million tech questions and answers.

Trusted Certificate Issue

Q: Trusted Certificate Issue

My work involves several sites we use on a daily basis. One of these sites (via Chrome) has started coming back as "unsecure", and no fixes I've done are working. I've modified the settings (and then) turned off the warnings, I've added -ignore-certification-error to the shortcut properties, and I've added the site to the list of Trusted Sites. I still keep getting the damn "not secure" warning.

The PCs in question are Dell Optiplex 7040. Does anyone have any other ideas? I've looked at doing Copy To File for the site certification, but the one in question is grayed out.

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Trusted Certificate Issue

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 81.6

Hi,
I am trying to install CA root certificate on Windows 7, IE 9.
Encounter error: "Untrusted Certificate".  "This certificate cannot be verified up to a trusted certificate authority."
I have tried to install the certificate to Trusted Root Certificate Authorities->local computer and import was successful. BUT on IE->Internet Options->Certificate->Trusted Root Certificate Authorities, I am unable to find this root CA on
the list.
On mmc->Certificates->Trusted Root Certificate Authorities->certificates, I am able to view this root CA.
I then restarted the IE and view the ssl site again but failed too, "Untrusted Certificate".
Anyone, any idea ?
Regards,
Eye Gee

A:Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

May the following workarounds work for you:
Workaround 1:
Modify the Windows settings to allow the Update Root Certificate feature to update the root certificates automatically. For details, see the following Microsoft TechNet article:
Certificate Support and Resulting Internet Communication in Windows Server 2008
http://technet.microsoft.com/en-us/library/cc771121(WS.10).aspx
Workaround 2?
If the Update Root Certificate feature cannot automatically update the root certificates, you may contact the website vender to see if there is a hotfix can fix the issue.

Read other 8 answers
RELEVANCY SCORE 75.2

(I'm cross posting this from
https://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/a-certificate-chain-processed-but-terminated-in-a/e6895c7e-c6b9-4a96-a5f5-a4dcd40b7b45 as directed by the forum moderator there.)
Hello,

First, I have reviewed the other posts with similar questions and noted that I can install the certificate into root certificates and most likely this problem will go away, some specifics:

1) When a client reported this error using a pop.secureserver.net on an outlook 2003 client, I just figured it was godaddy or the REALLY old Outlook client, but nonetheless, I went in to troubleshoot it and was convinced it was godaddy, but when I tried
to start my Outlook 2016 client on my Windows 10 computer on their network, I got the same error.  Two notes are important: 1) I use godaddy as well and 2) I used the same computer at a different client just yesterday without a single error message.
2) They use POP 995 w/ SSL & SMTP 465 w/ SSL to pop.secureserver.net & smtpout.secureserver.net repsectively
3) I called the company that manages their firewall and was told that everything was fine, but was sent a certificate from the firewall that might fix the problem.
4) The firewall company tells me they use a fortinet firewall

I have some questions that I'm hoping one of the experts here can answer for me:

- What in a firewall setup can cause a certificate to fail as listed in the subject?
- Is there a port or configuration change they... Read more

Read other answers
RELEVANCY SCORE 65.6

Very annoying problem.
XP Pro with IE6 on desktop computer.
Trusted Sites contains: https://pilotweb.nas.faa.gov

When ever I go to the following site I get a Security Alert that states that the certificate was issued by a company that I have not chosen to trust...would I like to proceed, or install the certificate. Normally, I just click "YES" to proceed and I get my data. Sometimes I'll re-install the certificate as if it will do any good for next time...but it doesn't.

Here's the URL:

https://pilotweb.nas.faa.gov/geo/fl...Z&icao_id=RDU&icao_id=RWI&radius=10&options=A

Any ideas of what I can do so that this site is always trusted and I no longer get the Security Alert?

Thanks so much,
Tom
 

A:IE6 trusted certificate

Read other 7 answers
RELEVANCY SCORE 64.8

Hi All ,
How to fix this Vulnerability ?

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :


|-Subject : CN=
|-Issuer  : CN=NACH-HYPERV


https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509

Read other answers
RELEVANCY SCORE 64.8

Am running XP Pro SP3 on Dell Latitude D820.  All Windows XP & IE updates have been installed.
Suddenly, I am seeing (Topic) appearing when I attempt to login to some websites, even one for software downloaded from this site (Sun Trust...).
Most disturbing is that the login to one of my investment companies is now showing the "..not trusted" pop-up.  This is one of the largest investment companies in the U.S., so I doubt that there is a problem with their certificate, while I could easily believe that my local newspaper (another "not trusted") might not be up to date.
I have Norton installed and updated and have run Hitman, Emsisoft, AdwCleaner & ComboFix without incident but also without the desired result.
Any ideas?

A:Security Certificate not Trusted

Try installing this update http://www.microsoft.com/en-us/download/details.aspx?id=42092
 
It updates the list of root certificates on your PC (theses tell your PC how to recognise certificates that it should trust). The update is not installed automatically with other critical or important updates, so if you've only done those, you may have missed this one.

Read other 7 answers
RELEVANCY SCORE 64

I use the Chrome Browser for my internet surfing. When I attempt to log on to the Federal Government's website "ebenefits.gov", I get a warning that states "The sites security certificate is not trusted". I tell it to proceed anyway and it goes to the Veterans Administration website where I can check the status of a disability claim I filed last year. With Firefox, you could tell the browser to accept the certificate once, and it never asked presented the error again. With Chrome, you have to do it every time you go to the website. This is a primary government site for the VA and DOD and I trust it. Any idea how I can get Chrome to accept its certificate as valid? Thanks for reading and sharing.
 

A:This site's security certificate is not trusted

Make sure you have the correct date and time on your computer.
 

Read other 2 answers
RELEVANCY SCORE 63.6

Seems Comodo has inserted itself into my list of Trusted Publishers in IE8 and my "Remove" button is disabled. I don't appreciate this one bit, especially since one of the certs has expired. Is this normal or cause for concern? How can I get my Remove option back? Any suggestions much appreciated. Thanks a lot!

A:Comodo Certificate Signing in IE8 Trusted Publishers

i don't see this as an issue but you are right that there should be an opt-out.You could use DelDomains - but. as it states, it will remove everythingFirstly download: DelDomains.infLocate DelDomains.inf right-click and select: InstallNote: you will not see any on-screen action ...This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.Note once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplied.

Read other 3 answers
RELEVANCY SCORE 63.6

http://myonlinesecurity.co.uk/emet-4-0-emet-detected-ssl-certificate-facebook-com-trusted/

Facebook buttons and links are embedded in so many websites, that any user who has EMET 4.0 installed will get the alert when generally surfing the web. This alert does not mean in this particular case that there is a problem with Facebook or any hijack or divert is taking place. All this “EMET detected that the SSL certificate for *.facebook.com is not trusted” means is that the rule checking the certificates inside EMET has expired on 30 December 2013. It does not mean in this particular case that the Facebook SSL certificate has expired or that anybody is intercepting or diverting your secure SSL connection to Facebook.

There are 3 cures to stop the EMET detected that the SSL certificate for *.facebook.com is not trusted alert message:

By far Cure 1 is the safest to do. All that option 2 does is delay the warning until the new date you set.

1.Update EMET 4.0 to 4.1 by going to Microsoft EMET 4.1 download and download and install EMET 4.1. This installs over the top of EMET 4.0 and retains any specific rules and settings that you have configured yourself.

2.Open up EMET 4.0, click on TRUST ( CONFIGURE CERTIFICATE TRUST) –> Click on the Pinning Rules Tab –> Under Rule Expiration for FacebookCA you can change the rule to expire next month or later and the message will go away. You can set it to when the YahooCA rule will expire on 3/13/2014 if you like and you won’t rece... Read more

Read other answers
RELEVANCY SCORE 62

When I go through the MMC, I add the snap in for certificate. When I go through the import process for Trusted People, in Win 7 you can click "show physical stores" and "local computer" becomes an option for "trusted people".
I don't see this in Win 8. I see registry, enterprise, and group policy. Which do I use, or how do I get "local computer" to show up?

Read other answers
RELEVANCY SCORE 59.2

Hi,

Really confusing one here. Since this weekend (16/17 July) we have started getting Certificate errors on some sites and applications. This seems to be due to the structure of the URL compared to the "advertised" name IIS is presenting. I'll try
to explain.
I have a site, Website. This is in my domain, domain.com. Therefore the FQDN is website.domain.com. IIS is running and I can access this site through FQDN,NetBIOS or IP address. Good news.
I create a certificate for the server using the FQDN as the subject, I add the Netbios and IP addresses in the Subject Alternate Names and Bind this to port 443 on the server.
I browse to https://website and all is good. I browse to https://website.domain.com I get a certificate error. Checking the certificate, everything is fine, no errors, chain is trusted. open Chrome and do the same, I get that the certificate website.domain.com
is being presented by Website and may not be the site I want.
Using either URL has never been a problem until this weekend, but it seems that IE/Windows/IIS is not liking any URL that is not EXACTLY what IIS is presenting. so my questions are:-
Is anyone else finding this?
Can we issue a certificate that covers all possible DNS resolutions for a site?
How do I control WHAT IIS advertises itself as?
SO far this has affected two major systems on our network and I can see that more will arise, so any help would be appreciated.

Read other answers
RELEVANCY SCORE 56.4

OS Version:  Windows 7 Enterprise x 86
IE Version:  IE 11
When a file is being downloaded from an internal website, an error prompt occurs, "certificate is not trusted".
However, it occurs, file can be downloaded properly.
If it can be controlled by Group Policy, please advise
Best solution: an error prompt can be suppressed

Read other answers
RELEVANCY SCORE 56.4

We are experiencing this problem with a few workstations and laptops and what we are currently doing is exporting the CA certificate from a workstation that has it in its store and importing it. The problem with this is that the certificate will eventually
expire and we will have to re import a new one again. I don't believe it is a group policy issue because other computers in the same OU are not missing the certificate.

Cany anyone shed light on how to troubleshoot this or how to force (if possible) the workstation to download the CA certificate?

Thank you in advance.
Jose

Read other answers
RELEVANCY SCORE 56.4

Hello,
I've a very nasty issue with root CA certificate that's disappearing from the trusted root authorities store. I'll shortly describe the environment: 
- Two tier PKI infrastructure with a offline, standalone root CA and a domain joined Enterprise issuing CA (both W2012R2); root CA certificate is published in AD
- There's a parent and child domain. Issuing CA lives in parent domain (2012R2 domain&forest level)
- Employees are working on a 2012R2 RDS&Citrix XenApp 76 server in the child domain
- In the parent domain several servers are using a SSL certificate signed by the company owned issuing CA; it's a SAN certificate
- The root CA's certificate is in the Trusted Root Certification Authorities store of all member servers in parent & child domain (so, that's also valid for the 2012R2 RDS servers)
The issue is that the certificate of the root CA that's in the trusted CA store of all RDS servers is being deleted on a regular base (at least once a day on each RDS-server). I enabled CAPI2 logging, but I couldn't find anything that makes sense. However
I'm able to reproduce this issue in very simple way: if I start IE11 on a RDS-server and browse to the IP-adres or NETBIOS-name of a webserver that host a site that's using a certificate from our PKI (so, it's clear that the URL isn't matching the names entered
in the SAN certificate) and I click on 'Continue to this website (not recommended)', the root CA's certificate is being removed from trusted... Read more

Read other answers
RELEVANCY SCORE 54.8

Hello,
I have ATT.NET. I use google chrome as my browser. For the last few weeks, when I go to ATT.NET and go to my mail,,,, a red screen appears and says " security sertificate not trusted, dont proceed. I proceed anyway to get to my email,, but I cant tell if im secure or not. Happens on some other sites as well. Someone said to check my time and date on my computer. I is up to date. Can anyone help me ???
Thanks
 

A:" security certificate not trusted "

Read other 16 answers
RELEVANCY SCORE 54.8

Hello 

After Install Windows 7 and windows 10 on  trusted  root certificate  i get minimal Certificate i need all Certificate 

for example ( verisign, comodo)

i work offline ,  no Wsus Server 

Read other answers
RELEVANCY SCORE 53.6

Hello,

I am trying to resolve an issue where multiple client computers in the organisation are using an internally deployed Root CA certificate (before my time and no longer required) to sign the end entity certificate for external websites, google.co.uk
for example. All SSL sites appeared to be affected by this.




However this is not the case as sub domains of sites with issues show the correct cert chain, the below is for mail.google.com




Removing or untrusting this root ca cert breaks access to these sites.

I have reset root certs in various ways, removed machines from the domain, applied no GPOs, manually updated CRL and pulled down updated certs with rootsupd.exe.
It always attempts to use this rouge CA cert to sign the websites cert.

Any assistance would be much appreciated.

Read other answers
RELEVANCY SCORE 48.4

No doubt that this has been brought up before, but I cannot locate the thread.

I installed Win 7 on an XP PC. I purchased Win 7 on Ebay recently. Had all sorts of problems getting to just about every website. Certificate issues. I reformatted the computer three times and reinstalled Win 7 again and again. Still certificate issues. Even when I install a certificate for a particular site, browsers keep telling me the certificates are invalid, etc. This goes for both Internet Explorer and Google Chrome.

So I reformatted and reinstalled Win XP again. Same problems. I can't even get to Microsoft to revalidate my Win XP. Very strange that this would continue to occur even after I've reformatted and reinstalled the operating systems.

I even went to my router login to see if there were any issues, because this problem is constant, no matter what I try.

I also tried to install the MS root certificate, but my machine will not even open the program up.
I have two other Win 7 computers that do not have this issue.

After I installed Win 7 for the first time on this particular computer, I entered the key and got no errors. A couple of days later, a note popped up on the screen that this was not a valid Win 7 OS. The person I purchased it from says that it is. I've been getting some strange, perhaps virus traffic lately and I don't know if this is related. One message said that to verify the OS, I needed to install a certain certificate. The URL was from "Microsoft Com", s... Read more

A:Certificate Issue

Deleted comment.
How can I delete this post?

Read other 3 answers
RELEVANCY SCORE 48.4

Hi,
I've got this weird certificate issue on 1 of the Windows 2012 R2 servers. I have an internal website that uses a certificate which was created by our internal CA. All of the servers have this certificate installed under "Trusted Root Certification
Authorities". 3 of the servers can browse to this website with no issues. However, I'm getting certificate error in IE on 1 of the servers. I double checked in Certificates management console and can confirm that certificate exists under "Trusted
Root Certification Authorities". I've also tried to manually install the certificate via IE > Content > Certificates with no luck as IE still showing certificate error.
What is stopping this server, or IE, from reading this certificate properly? Where should I be looking to troubleshoot this error?
Thanks in advance.

Read other answers
RELEVANCY SCORE 47.6

My internet explorer or Mozilla does not matter which one I choose to use for internet acces seem to think all site certificates are bad. I need to manually accept the site even ones that I use daily on other computers with no issue, example it thinks my bank, H&R Block certificates are no good, yet I access them from other laptops or desktops with no issue. In internet options I have selected various levels of security with no effect at all, it is very annoying. The address bar comes up Red no matter which site you go to. The lap top is a Sony VAIO and has Vista on it and as I indicated I have both Mozilla and or IE to choose from to surfe. Any help is appreciated
 

A:Site certificate issue

check the time & date on your computer is correct
 

Read other 1 answers
RELEVANCY SCORE 47.6

I keep getting a random IE pop-up boxes with the following message:

The server you are connected to is using a security certificate that could not be verified. A required certificate is not within its validity period when verifying against the current system clock or timestamp in the signed file. Do you want to continue using this server?

I've clicked yes, but it pop-ups again.

Here is my lastest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:03:29 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Di... Read more

A:Pop Up - security certificate issue

look at the time stamp in HJT

2/13/2005

ur a year behind! log is fine
 

Read other 2 answers
RELEVANCY SCORE 47.6

Hello,

I have an issue with several of our clients when navigating to us.linkedin.com, it is showing a certificate expiry error. The certificate shown is valid until 30/11/2017.

If I navigate to the same URL on the same machine using Chrome or Firefox, the correct new certificate is provided and there are no issues.

I have done the below, but all do not resolve:

- Tested inside and outside of our proxy (eg so client is going straight to internet)
- Selected the option to Clear SSL State in IE
- Used certutil -urlcache * delete to clear all cache
- Added the Inter CA DigiCert

Am using IE Version 11.

I am at a loss as to what this could be - any ideas?

Thanks,

Adam.

Read other answers
RELEVANCY SCORE 47.6

On some of the Windows machine, we received below error message while retrieving certificates. On other machines, there is no issue.
An error occurred while creating the certificate request. Please verify that your CSP supports any settings you have made and that your input is valid.  
Suggested cause:
No suggestion. 
Error: 0x80090345 - (unknown) 

Read other answers
RELEVANCY SCORE 47.6

I'm having a terrible time with this. I have an ECDSA cert/key P384 along with it's certification path CA certs in a .p12 file. I have installed the client cert and the CA certs to the proper stores.

Every time I try to connect to my WPA2 network I get an error stating that a proper certificate could not be found. All certificate times are ok.

All help much appreciated

Bill

-----------------------------------
Chev65 - thank you for your interest. Yes, I had done what you have suggested. The interesting thing is that the certificate I installed is ECDSA and neither IE nor wireless will even list the cert as one that can be chosen when trying to authenticate However, IE does list the cert as installed.
I have used this cert to perform EAP-TLS authentication using other systems so I am 99% sure that the problem is not with the cert.

Does anyone know of any issues with Windows 7 and ECDSA certificates? I thought one of the improvements was incorporation of ECC and support for NSA Suite B.

A:ECDSA Certificate EAP-TLS issue

Under "Manage wireless Networks" you should be using WPA2 Enterprize instead of WPA2 personal, I'm not sure if you are already doing that or not?

The Advanced settings tab comes up after you switch to "WPA2 Enterprize". This should allow you to use those certificates but there are more choices involved in this process.

When you click on one of the two settings it says "Smart card and other Certificate Properties" or "Microsoft protected EAP (PEAP) . I would look through both of them and try different settings. I'm not sure which setting would work with your particular certificate.

For your EAP-TLS it should be the second one which gets you to the "Protected EAP properties" window. Further down the page it shows "Select Authentication Method" or you can choose "connect to these servers" and type in the name of the server.

I'm not sure which one on the list relates to your ECDSA certificate but one of them should work.

Read other 3 answers
RELEVANCY SCORE 47.6

Hello,

I am having very odd issue with my PC. When I tried to access accounts.google.com, the browsers (chrome, firefox, IE) showed that certificate is not trusted and the option to proceed was not available. Here is the odd part, I can open the URL right after my PC boot up but I can't access it a few minutes later. I can access other websites normally as usual, I even still can log in to gmail because my browsers saved the cookies.

I tried some troubleshooting steps such as clearing browser cache and cookies and restoring my windows system. This problem occurs only on my PC and started a few days ago. Another issue is my windows update is not working, and I think this issue started at the same time as my first issue. I don't know if there's connection between them.

I've been googling for two days and followed a suggestion to download and install root certificate from microsoft but it didn't work. How do I solve this problem?

Thank you in advance

A:Odd certificate issue for particular website

Welcome to Seven Forums maurisrx. The first thing I would do is confirm your system time and date

Date and Time - Change

If it is correct, screenshots of the actual errors from each browser will help

Screenshots and Files - Upload and Post in Seven Forums

A Guy

Read other 9 answers
RELEVANCY SCORE 47.2

Hello,
I'm trying to upload a certificate to the message analyzer and receiving invalid password error. I know the password is correct as I can install the certificate using MMC with same password. I notice that every time I try to upload the certificate in Message
Analyzer, I receive this error in Windows Security Log (below). This certificate has multiple SAN entries as it's for a load balanced environment. I've been able to successfully load certificates that do not have SAN entries.
Any pointers on what might be causing this issue and how to resolve it?
Message Analyzer Error: Password for MyCert.pfx is Incorrect.
Corresponding Windows Security Log Entry:
Cryptographic operation.

Subject:
Security ID:
DOM\MyId
Account Name:
MyId
Account Domain:
DOM
Logon ID:
0x56fad

Cryptographic Parameters:
Provider Name:
Microsoft Software Key Storage Provider
Algorithm Name:
RSA
Key Name:
le-WebServerAlternateName-{some GUID}
Key Type:
Machine key.

Cryptographic Operation:
Operation:
Create Key.
Return Code:
0x80090010

SANs in Certificate:
DNS Name=DOMAPSV1
DNS Name=DOMAPSV1.dom.ag.loc
DNS Name=DOMAPSV2
DNS Name=DOMAPSV2.dom.ag.loc
DNS Name=DOMAPSV3
DNS Name=DOMAPSV3.dom.ag.loc
DNS Name=DOMAPSV4
DNS Name=DOMAPSV4.dom.ag.loc
DNS Name=DOMAPSV5
DNS Name=DOMAPSV5.dom.ag.loc
DNS Name=DOMAPSV6
DNS Name=DOMAPSV6.dom.ag.loc

Read other answers
RELEVANCY SCORE 47.2

Hi all. I have an annoying little problem accessing some of my mail accounts on my Samsung G800 mobile phone.
I've got 4 gmail accounts and one yahoo which are set up in my phones email client. It can take 30 seconds+ for the phone to check all my accounts once I initiate it so I like to set it going, close it up and put it in my pocket. If I have mail it'll buzz me, if not it won't.
My trouble is that my Yahoo account and one of my Gmail accounts throws up a warning telling me that the security certificate can't be varified and won't go any further until I accept it. It confuses the life out of me because the other three Gmails happilly carry on through without giving the warning. I've checked all the settings on my phone and each account is identical except for the login information.
Are there any settings in Gmail or yahoo themselves which could cause this? I doubt it as my N93 had no such trouble doing an identical job.
Thanks in advance
 

Read other answers
RELEVANCY SCORE 46.8

Hey all,I beleive I may have run into a malware situation. I am running Windows 7 and use Google Chrome.When I went to log in to various sites: Facebook, Yahoo, Twitter - pretty much anything with a login - I received this message:The site's security certificate is signed using a weak signature algorithm!You attempted to reach login.yahoo.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).You should not proceed, especially if you have never seen this warning before for this site.Proceed anyway Back to safety Help me understandWhen you connect to a secure website, the server hosting that site presents your browser with something called a "certificate" to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party that your computer trusts. By checking that the address in the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website you intended, and not a third party (such as an attacker on your network).In this case, the server certificate or an intermediate CA certificate presented to your browser is signed using a weak signature algorithm such as RSA-MD2. Recent research by computer scientists showed... Read more

A:Google Chrome - Certificate Security Issue

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 5 answers
RELEVANCY SCORE 46.4

I recently purchased and installed a new modem, an Arris SB6183-RB. I went through the install with my provider and got everything enabled and set to go while I was on a direct ethernet connection. The ethernet connection still works fine.

My issue is once I send traffic over my wireless router, an ASUS RT-AC68U that I have had for two years and always worked great. Something is causing major security conflicts. Perhaps the firewall somehow? Basically, any device over the wireless network receives certificate security errors and websites cannot load. I have attached outlook.com screenshots as an example. I have two computers, and a smart phone, and any websites over the network now have problems. There are a few sites where certificates seem to work, and some apps on my phone seem to work fine. But the majority of websites:

1.) I get an alert from ESET antivirus about the faulty certificate.
2.) If I ignore that, Firefox is usually next on my tail.
3.) If I add an exception on Firefox and ignore, then it goes through OpenDNS and I am blocked on that end.

Basically, any traffic over my router is now hit with tons of warnings. I have tried the following:

1.) Updated the Firmware on the router, took a few flashes to get up to the most current Merlin version 380.62, did not help.

2.) I tried modifying a few settings in the router firmware that were recommended after updating to the latest Merlin, but these are more speed adjustments. Did not help.

3.) I went into the GUI fo... Read more

Read other answers
RELEVANCY SCORE 46.4

This is a fresh install, where fresh means it was reinstalled over an existing install and nothing was kept from the previous install, of Windows 8.1. Windows update appears to be checking forever but nothing is ever updated. 
I've seen a good number of errors in WindowsUpdate.log and tried to address those through the various fixes seen throughout these forums. Many thanks to those that have contributed over the years!

The same image has been used without issue to reimage other machines but I downloaded another one from our volume license subscription as a just in case but it made no difference. At the very bottom is what I suspect the culprit is but I'm not deeply familiar
with the backend of the Windows Update process. 

Any assistance is appreciated!!!!

Here is what I've tried so far and what the end result was.


Windows Update Troubleshooter: Found and fixed errors. I ran this multiple times through out the various attempts to get WU working.sfc /scannow: Found no corrupted filesDISM /Online /Cleanup-image /Restorehealth: Said it found issues and repaired them.
I'm currently running through the steps below and currently at the "Reset or reinstall Windows" section which boggles my mind since this is a fresh install.
https://support.microsoft.com/en-gb/help/10164/fix-windows-update-errors

I've also tried everything noted here, 
https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components

I checked... Read more

Read other answers
RELEVANCY SCORE 45.6

Hi,

Our company is planning to replace SHA1 certificates to SHA256 certificates. We are now on the testing phase.

Our Radius Server is: Cisco ACS
Current Authentication Method: User Authentication (EAP-TLS using our PKI infrastructure)

Issue: Clients using Windows 7 cannot connect to our Current SSID but Windows 10 users can connect. Using the old SHA1 certificate, both Windows 7 and 10 users can connect. Windows 7 machines are saying "a certificate is required to connect
to <SSID>". even though the certificate is already installed.

Changing the Authentication from "User" to "Machine" Authentication, the windows 7 laptop responds and attempts to connect on the Cisco ACS. 

Cisco TAC says
"ACS is properly configured, but as explained before we are not reaching the TLS handshake between ACS and windows machine since the windows machine is not responding to the WLC EAPOL packet."

What could be the problem on the windows 7 machine? Do we need to upgrade something?

Read other answers
RELEVANCY SCORE 45.2

Hi,

Our company is planning to replace SHA1 certificates to SHA256 certificates. Our parallel PKI infrastructure using SHA256 is now in place.

Root and Policy CA are shutdown. Only Issuing CA is online. AIA and CDP were already published. Clients can now get the new SHA256 certificates.
We are now on the testing phase.

Our Radius Server is: Cisco ACS
Current Authentication Method: User Authentication (EAP-TLS using our PKI infrastructure)

Issue: Clients using Windows 7 cannot connect to our Current SSID but Windows 10 users can connect. Using the old SHA1 certificate, both Windows 7 and 10 users can connect. Windows 7 machines are saying "a certificate is required to connect
to <SSID>". even though the certificate is already installed.

Changing the Authentication from "User" to "Machine" Authentication, the windows 7 laptop responds and attempts to connect on the Cisco ACS. 

Cisco TAC says
"ACS is properly configured, but as explained before we are not reaching the TLS handshake between ACS and windows machine since the windows machine is not responding to the WLC EAPOL packet."

What could be the problem on the windows 7 machine? Do we need to upgrade something?

Read other answers
RELEVANCY SCORE 45.2

Is there a rvkroots.exe available for download for the mentioned KB so that I can remediate a Nessus finding?
We are on a disconnected network so windows update is disabled in our network.
In the past we are able to just download rvkroots.exe and push it out to all our Win7 computers.

Read other answers
RELEVANCY SCORE 45.2

I have some Windows 7 systems which have not run Windows Updates for many years, and cannot due to regulatory reasons.   We rely upon Windows to automatically update the Trusted Root Certificate store whenever we browse to a web site/web service
that uses a certificate the system doesn't recognize. 
Sometime recently, the Trusted Root Certificate Store no longer updates automatically.  The Windows Event Log shows an error stating that the certificates cannot be downloaded from:
http : // ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
If we browse to this location manually, the cab file contains an invalid Microsoft certificate. 

This was also an issue in Sept 2018.  At that time, the certificate had expired, and Microsoft eventually updated the certificate to resolve the issue.   This time, the certificate does not appear to have expired.  Why is the certificate
invalid this time, and can Microsoft fix it again?

Thanks

Read other answers
RELEVANCY SCORE 45.2

so whats up with this error message ??
Revocation information for the security certificate for this site is not available. Do you want to proceed? [Yes] [No] [View certificate]


i know it can be unchecked in security option under advanced. but is that really safe to do ???

Thx


Steven J Einhorn

Read other answers
RELEVANCY SCORE 44.8

Hi,

Our company is planning to replace SHA1 certificates to SHA256 certificates. Our parallel PKI infrastructure using SHA256 is now in place.

Root and Policy CA are shutdown. Only Issuing CA is online. AIA and CDP were already published. Clients can now get the new SHA256 certificates.
We are now on the testing phase.

Our Radius Server is: Cisco ACS
Current Authentication Method: User Authentication (EAP-TLS using our PKI infrastructure)

Issue: Clients using Windows 7 cannot connect to our Current SSID but Windows 10 users can connect. Using the old SHA1 certificate, both Windows 7 and 10 users can connect. Windows 7 machines are saying "a certificate is required to connect
to <SSID>". even though the certificate is already installed.

Changing the Authentication from "User" to "Machine" Authentication, the windows 7 laptop responds and attempts to connect on the Cisco ACS. 

Cisco TAC says
"ACS is properly configured, but as explained before we are not reaching the TLS handshake between ACS and windows machine since the windows machine is not responding to the WLC EAPOL packet."

What could be the problem on the windows 7 machine? Do we need to upgrade something?

Read other answers
RELEVANCY SCORE 44.8

Hello All, I have this issue on several computers on T560 with Windows 10 Pro (version 1607) WITH a TPM chip: "This device cannot use a Trusted Platform Module.  Your administrator must set the "Allow Bitlocker without a compatible TPM" option in the  "Required additional authentication at startup" policy for OS volumes" And I want to use the TPM (not the feature Without the TPM). The TPM chip state is :   "the secure platform module (TPM) is ready to be used" I have already try out of domain : doesn't work. I have installed ALL the LENOVO updates (even the Intel management engine software and bios) Thanks for any idea

Read other answers
RELEVANCY SCORE 44.4

Can someone walk me through the steps of having Advanced Threat Analytics (ATA) request a new certificate from Active Directory Certificate Services (ADCS)?  I'm not familiar with either product so I will need detailed steps please.  At a high-level
i'm guessing
1. ATA issues a certificate request
2. I send the request to ADCS
3. ADCS issues a cert for that request
4. Install new cert in ATA
I'll need detailed command line statements.  My ATA Center server is named ATASERVER.DOMAIN.ORG, and I but the URL is configured as ATACENTER.DOMAIN.ORG in ATA.  Can the cert handle both the servername and the URL?
Thank you in advance!

Read other answers
RELEVANCY SCORE 44.4

Hiya

This update addresses the "Certificate Renewal Wizard Concatenates Certificate" issue in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Knowledge Base (KB) Article Q325827. Download now to correct this issue for IIS 5.0

System Requirements
Supported Operating Systems: Windows 2000

Internet Information Services 5.0
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server

http://www.microsoft.com/downloads/...43-c72f-4652-b912-065ee2a83c02&DisplayLang=en

Regards

eddie
 

Read other answers
RELEVANCY SCORE 44.4

In Internet Explorer, when I get a certificate error, if I continue to the web site, I can then view the certificate to see what was wrong.  However, obviously it would be preferable* to see the certificate
before I make the decision to go to the site.  Is this possible?  I'm sure I could use another browser that does this, or maybe use the F12 developer tools, or write a program.   But I'm looking
for a normal-user way to do it.  I think it used to be possible in Internet Explorer, but this might have been 6.x or even earlier.  Or even
way earlier.  Yep.  I'm that old.  I believe this feature is not in Edge either...unless I'm just missing it.  But I'm using ie11 right now.
*understatement level is set to "high".

Read other answers
RELEVANCY SCORE 44.4

I have Windows 7 client and Cisco router is configured as Certificate Authority. Cisco calls it IOS CA. How can I do certificate enrollment of Windows 7 client with my Cisco IOS Certificate Authority?

Read other answers
RELEVANCY SCORE 44.4

Operating system: Windows XP My friend is having serious problems with his computer. At first his computer all at once his computer started posting these messages that his computer needed to update his security or that his anti spyware was out of date (sorry he can?t recall anything out of the ordinary that he was doing to start this). Later his computer went into a restart cycle showing at first the blue screen of death for a couple of seconds then going blank it then restarting it goes up until his profile Icon appears and then it restarts again. In a flurry I said "Maybe its Internet driven. Take out your Ethernet!" ? and sure enough the cycle stopped however the messages or the alerts that he needed to buy this or that in order to free his computer of a virus were still going around. There are four messages that pop up 1 From the toolbar (from the Icon which opens to the security Center Your computer might be at risk Your anti virus software might be out of date Click this balloon to fix this problem (I realize this might be normal as his antivirus software probably is out of date)2 From the toolbar Updates are ready to install on your computer Click here to install these updates (Again normal looking ? however the computer is not connected to the internet so where would it get the update FROM?)3 Symantec Anti virus ? A rectangle with yellow background pops up from the tool bar Auto Protect is Disabled 4 was a Windows security Alert which popped up as it... Read more

A:Internet Driven Restart Cycle Virus [side Issue: Smitfraud (or Like Problem) -- Trusted Anti Virus]

Actually it is most likely that Smitfraudfix did fix the bad/fake pop-up seeing as # 4 on my list of popups is not showing up any more (the other three -more normal looking ones- still are showing up). So any suggestions for the restart cycle that is going on from the log?

Read other 16 answers
RELEVANCY SCORE 43.6

Good Day



We have a problem where we encrypted files using EFS, however we can't access or decrypt these files now.

We have the certificate in the certmgr.msc but we do see that the key is missing.



I have reproduced this on another computer and was able to run certutil -repairstore -user MY "Serial Number" which worked in repairing the store and files was decryptable again.

However on the machine that encrypted the files that we need to access this is not the case as there is a popup asking for your Smart Card.

We are not using Smart Cards at all, and have had a look at the following article regarding this issue, but the hotfix didn't work: https://support.microsoft.com/en-us/kb/2955631




I have software that can remove the encryption but will require the .pfx file, which can't be exported as the certstore doesn't show that it still has this.



It is a self signed certificate generated by Windows, so I can't request a new one using the CA.


Thanks for your help in advance.

Read other answers
RELEVANCY SCORE 43.6

Hi,
Having some fun with a windows 7 setup of DirectAccess, have it configured to use ECC certificates on the client for the IPSec authentication, which was working brilliantly, we even have it loaded up behind a Citrix Netscaler to do SSL offloading of the
HTTPS tunnel encryption. But when trying to get Client Preauthentication working, we hit a snag, it seems that the NetScalers dont support ECC certificates, which is a pain, but something we thought we could work around by using an RSA certificate on the client
to performed the pre-authentication (as shown here https://directaccess.richardhicks.com/2016/05/10/directaccess-ip-https-preauthentication-using-citrix-netscaler/).
So we have three CA's, CA1/2 issue RSA certs and CA3 is setup to do the ECC ones, so nice separation of the chains.
So we have our Cert chain for RSA loaded into the load balancer and a new cert issued to the client from CA1... But, every time the client connects to the server (LB) we see the handshake taking place, the server sends a list of its DNs (CA1/2) (https://blogs.msdn.microsoft.com/kaushal/2015/05/27/client-certificate-authentication/)
to the client, but then the client looks in its store, picks out the ECC certificate (issued from CA3) and fails to authenticate saying no suitable certificate can be found, its like its not even looking at the RSA one at all.
So, thinking something was wrong with the way the LB was asking for client authentication, I tried deleting the ECC cert a... Read more

Read other answers
RELEVANCY SCORE 42.4

seems that "Microsoft Certificate Trust List Publisher" Certificate Valid:01.27.2017-04.12.2018 is missing following EKU
'Microsoft Trust List Signing' (1.3.6.1.4.1.311.10.3.1) ?!
-ExtendedKeyUsage
     -Usage
          [ oid] 1.3.6.1.4.1.311.10.3.1
          [ name] Microsoft Trust List Signing
-ErrorStatus
     [ value] 10
     [ CERT_TRUST_IS_NOT_VALID_FOR_USAGE] true
Note: KB2328240 is imho not permanently fixing this problem ! (*curing only some derivated symptoms)

Read other answers
RELEVANCY SCORE 42

I have a problem with install multiple digital certificate (PKF format) to allow access to one website with different account ID.

Every time I installed the certificate, it is working and allow me access to the website with relevance ID. However, the installed certificate will be missing if I continue to install with another certificate. The way I install the certificate is just double click on the PKF certificate that provided by the website admin, then kept click on the next button until its finish the installation steps. All the certificates will install to "Personal" certificate store folder, but the problem is only one certificate will remain.

I ever try to import all the certificate with using windows certificate manager, is allow me to import all the certificates and able to let me access to the website with select different certificate to login with selected account ID. Anyway this method is only workable if the Internet Explorer is not close after install all the certificates, once the Internet Explorer is close, then all the certificates were gone.

The motioned problem PC is running on Windows XP SP3 with latest update. And the using internet explorer is version 8 with latest update as well.

I had try to reset the Internet Explorer to default, but is not working so, appreciate is anyone can guide me to solve this problem

A:PKF certificate missing after new certificate was installed

Under "Content" in Internet Options, are all your certificates there? Mine are. Either your Admin. or the issuer should have your answer. Some PKFs are not compatible with all OSs or Browsers. Try downloading certificates to Firefox or Chrome and see if that works.

Read other 2 answers