Over 1 million tech questions and answers.

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Q: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

(I'm cross posting this from
https://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/a-certificate-chain-processed-but-terminated-in-a/e6895c7e-c6b9-4a96-a5f5-a4dcd40b7b45 as directed by the forum moderator there.)
Hello,

First, I have reviewed the other posts with similar questions and noted that I can install the certificate into root certificates and most likely this problem will go away, some specifics:

1) When a client reported this error using a pop.secureserver.net on an outlook 2003 client, I just figured it was godaddy or the REALLY old Outlook client, but nonetheless, I went in to troubleshoot it and was convinced it was godaddy, but when I tried
to start my Outlook 2016 client on my Windows 10 computer on their network, I got the same error. Two notes are important: 1) I use godaddy as well and 2) I used the same computer at a different client just yesterday without a single error message.
2) They use POP 995 w/ SSL & SMTP 465 w/ SSL to pop.secureserver.net & smtpout.secureserver.net repsectively
3) I called the company that manages their firewall and was told that everything was fine, but was sent a certificate from the firewall that might fix the problem.
4) The firewall company tells me they use a fortinet firewall

I have some questions that I'm hoping one of the experts here can answer for me:

- What in a firewall setup can cause a certificate to fail as listed in the subject?
- Is there a port or configuration change they can make that would allow certificates to work properly?
- How can I fix this without installing a certificate on every machine in the business?

I hope this is in the right section. I saw where several posts having to do with certificate errors were redirected to the IE forum, so I posted it here. If there is a better forum for this question, please let me know. Thanks in advance
for any help with this.

Jeff

Read other answers
RELEVANCY SCORE 200
Preferred Solution: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 159.2

Hi,
I am trying to install CA root certificate on Windows 7, IE 9.
Encounter error: "Untrusted Certificate".  "This certificate cannot be verified up to a trusted certificate authority."
I have tried to install the certificate to Trusted Root Certificate Authorities->local computer and import was successful. BUT on IE->Internet Options->Certificate->Trusted Root Certificate Authorities, I am unable to find this root CA on
the list.
On mmc->Certificates->Trusted Root Certificate Authorities->certificates, I am able to view this root CA.
I then restarted the IE and view the ssl site again but failed too, "Untrusted Certificate".
Anyone, any idea ?
Regards,
Eye Gee

A:Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

May the following workarounds work for you:
Workaround 1:
Modify the Windows settings to allow the Update Root Certificate feature to update the root certificates automatically. For details, see the following Microsoft TechNet article:
Certificate Support and Resulting Internet Communication in Windows Server 2008
http://technet.microsoft.com/en-us/library/cc771121(WS.10).aspx
Workaround 2?
If the Update Root Certificate feature cannot automatically update the root certificates, you may contact the website vender to see if there is a hotfix can fix the issue.

Read other 8 answers
RELEVANCY SCORE 146.4

I have some Windows 7 systems which have not run Windows Updates for many years, and cannot due to regulatory reasons.   We rely upon Windows to automatically update the Trusted Root Certificate store whenever we browse to a web site/web service
that uses a certificate the system doesn't recognize. 
Sometime recently, the Trusted Root Certificate Store no longer updates automatically.  The Windows Event Log shows an error stating that the certificates cannot be downloaded from:
http : // ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
If we browse to this location manually, the cab file contains an invalid Microsoft certificate. 

This was also an issue in Sept 2018.  At that time, the certificate had expired, and Microsoft eventually updated the certificate to resolve the issue.   This time, the certificate does not appear to have expired.  Why is the certificate
invalid this time, and can Microsoft fix it again?

Thanks

Read other answers
RELEVANCY SCORE 132.4

Hello,

I am trying to resolve an issue where multiple client computers in the organisation are using an internally deployed Root CA certificate (before my time and no longer required) to sign the end entity certificate for external websites, google.co.uk
for example. All SSL sites appeared to be affected by this.




However this is not the case as sub domains of sites with issues show the correct cert chain, the below is for mail.google.com




Removing or untrusting this root ca cert breaks access to these sites.

I have reset root certs in various ways, removed machines from the domain, applied no GPOs, manually updated CRL and pulled down updated certs with rootsupd.exe.
It always attempts to use this rouge CA cert to sign the websites cert.

Any assistance would be much appreciated.

Read other answers
RELEVANCY SCORE 126.4

We are experiencing this problem with a few workstations and laptops and what we are currently doing is exporting the CA certificate from a workstation that has it in its store and importing it. The problem with this is that the certificate will eventually
expire and we will have to re import a new one again. I don't believe it is a group policy issue because other computers in the same OU are not missing the certificate.

Cany anyone shed light on how to troubleshoot this or how to force (if possible) the workstation to download the CA certificate?

Thank you in advance.
Jose

Read other answers
RELEVANCY SCORE 126.4

Hello,
I've a very nasty issue with root CA certificate that's disappearing from the trusted root authorities store. I'll shortly describe the environment: 
- Two tier PKI infrastructure with a offline, standalone root CA and a domain joined Enterprise issuing CA (both W2012R2); root CA certificate is published in AD
- There's a parent and child domain. Issuing CA lives in parent domain (2012R2 domain&forest level)
- Employees are working on a 2012R2 RDS&Citrix XenApp 76 server in the child domain
- In the parent domain several servers are using a SSL certificate signed by the company owned issuing CA; it's a SAN certificate
- The root CA's certificate is in the Trusted Root Certification Authorities store of all member servers in parent & child domain (so, that's also valid for the 2012R2 RDS servers)
The issue is that the certificate of the root CA that's in the trusted CA store of all RDS servers is being deleted on a regular base (at least once a day on each RDS-server). I enabled CAPI2 logging, but I couldn't find anything that makes sense. However
I'm able to reproduce this issue in very simple way: if I start IE11 on a RDS-server and browse to the IP-adres or NETBIOS-name of a webserver that host a site that's using a certificate from our PKI (so, it's clear that the URL isn't matching the names entered
in the SAN certificate) and I click on 'Continue to this website (not recommended)', the root CA's certificate is being removed from trusted... Read more

Read other answers
RELEVANCY SCORE 116.4

Is there a rvkroots.exe available for download for the mentioned KB so that I can remediate a Nessus finding?
We are on a disconnected network so windows update is disabled in our network.
In the past we are able to just download rvkroots.exe and push it out to all our Win7 computers.

Read other answers
RELEVANCY SCORE 105.6

Hello 

After Install Windows 7 and windows 10 on  trusted  root certificate  i get minimal Certificate i need all Certificate 

for example ( verisign, comodo)

i work offline ,  no Wsus Server 

Read other answers
RELEVANCY SCORE 102

We have some Win 7 clients on our network and same updated OS and IE on them and connected to same NTP server. When we connect to a secure website (HTTPS) from mentioned clients, we will see various reactions;
some of them connect and open website normally and others show security caution which included "there are issues with the site's certificate chain(net::ERR_cert_authority_invalid)





It is necessary to add this item that I checked certificate publisher on IE and find the intermediate certificate authority of certificate chain in website can not be seen in which have problem.

How is it possible from same updated OS and IE clients, we can see different messages?



How can I solve this issue?

Read other answers
RELEVANCY SCORE 96.8

Very annoying problem.
XP Pro with IE6 on desktop computer.
Trusted Sites contains: https://pilotweb.nas.faa.gov

When ever I go to the following site I get a Security Alert that states that the certificate was issued by a company that I have not chosen to trust...would I like to proceed, or install the certificate. Normally, I just click "YES" to proceed and I get my data. Sometimes I'll re-install the certificate as if it will do any good for next time...but it doesn't.

Here's the URL:

https://pilotweb.nas.faa.gov/geo/fl...Z&icao_id=RDU&icao_id=RWI&radius=10&options=A

Any ideas of what I can do so that this site is always trusted and I no longer get the Security Alert?

Thanks so much,
Tom
 

A:IE6 trusted certificate

Read other 7 answers
RELEVANCY SCORE 95.6

Microsoft certificate snap-in is chaining these two certificates, but take a look at their corresponding names:

ANF Peru CA1
Issuer: 
O = ANF Autoridad de Certificacion
OU = ANF Clase 1 CA
C = ES
CN = ANF Global Root CA
SERIALNUMBER = G63287510
Subject: 
O = ANF AC Entidad de Certificacion Peru SAC
OU = ANF Autoridad Raiz Peru
C = PE
CN = ANF Peru CA1
SERIALNUMBER = 20601216281
ANF Global Root CA
Issuer: 
CN = ANF Global Root CA
SERIALNUMBER = G63287510
E = [email protected]
OU = ANF Clase 1 CA
O = ANF Autoridad de Certificacion
L = Barcelona (see current address at http://www.anf.es/es/address-direccion.html )
S = Barcelona
C = ES
Subject: 
CN = ANF Global Root CA
SERIALNUMBER = G63287510
E = [email protected]
OU = ANF Clase 1 CA
O = ANF Autoridad de Certificacion
L = Barcelona (see current address at http://www.anf.es/es/address-direccion.html )
S = Barcelona
C = ES

So why is MS chaining these certificates if distinguished names doesn't match?.

Read other answers
RELEVANCY SCORE 95.6

Am running XP Pro SP3 on Dell Latitude D820.  All Windows XP & IE updates have been installed.
Suddenly, I am seeing (Topic) appearing when I attempt to login to some websites, even one for software downloaded from this site (Sun Trust...).
Most disturbing is that the login to one of my investment companies is now showing the "..not trusted" pop-up.  This is one of the largest investment companies in the U.S., so I doubt that there is a problem with their certificate, while I could easily believe that my local newspaper (another "not trusted") might not be up to date.
I have Norton installed and updated and have run Hitman, Emsisoft, AdwCleaner & ComboFix without incident but also without the desired result.
Any ideas?

A:Security Certificate not Trusted

Try installing this update http://www.microsoft.com/en-us/download/details.aspx?id=42092
 
It updates the list of root certificates on your PC (theses tell your PC how to recognise certificates that it should trust). The update is not installed automatically with other critical or important updates, so if you've only done those, you may have missed this one.

Read other 7 answers
RELEVANCY SCORE 95.6

My work involves several sites we use on a daily basis. One of these sites (via Chrome) has started coming back as "unsecure", and no fixes I've done are working. I've modified the settings (and then) turned off the warnings, I've added -ignore-certification-error to the shortcut properties, and I've added the site to the list of Trusted Sites. I still keep getting the damn "not secure" warning.

The PCs in question are Dell Optiplex 7040. Does anyone have any other ideas? I've looked at doing Copy To File for the site certification, but the one in question is grayed out.
 

Read other answers
RELEVANCY SCORE 95.6

Hi All ,
How to fix this Vulnerability ?

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :


|-Subject : CN=
|-Issuer  : CN=NACH-HYPERV


https://www.itu.int/rec/T-REC-X.509/en
https://en.wikipedia.org/wiki/X.509

Read other answers
RELEVANCY SCORE 94.8

I understand if I add

Code:

Private Sub workbook_BeforeSave(ByVal SaveAsUI As Boolean, Cancel As Boolean) Sheets("cable 1c").Range("G1").Value = Date
Sheets("cable 1d").Range("G1").Value = Date
Sheets("cable master").Range("D54").Value = Date
Sheets("box master").Range("D54").Value = Date
Sheets("cable 5").Range("B1").Value = Date
End Sub

it will change the date as above.
My problem is that when I start excel up now I get a box that tells me
Macro's are disabled because the security level is set to high and a digitally signed trusted certificate is not attached to the macro.......request the macros be signed by the author using a certificate issued by a certificate authority.
Is says I may encounter this error for the following reasons
....one being
macro security is set to high .... which it is. ... and ...
the application encounters a signed macro, but you selected Disable when prompted by the macro warning dialog when opening the file. Use the following procedure to enable the macro:
Close the file and any other instances of the application currently running on the computer (close all applications that also use the application you are currently running).
Open the file again and examine the certificate of trust details and set the Always trust macros from this publisher box if you trust the certificate issued by the publisher.
Click the Enable button t... Read more

A:Solved: where are the certificate of trust details?

Read other 6 answers
RELEVANCY SCORE 94.4

I use the Chrome Browser for my internet surfing. When I attempt to log on to the Federal Government's website "ebenefits.gov", I get a warning that states "The sites security certificate is not trusted". I tell it to proceed anyway and it goes to the Veterans Administration website where I can check the status of a disability claim I filed last year. With Firefox, you could tell the browser to accept the certificate once, and it never asked presented the error again. With Chrome, you have to do it every time you go to the website. This is a primary government site for the VA and DOD and I trust it. Any idea how I can get Chrome to accept its certificate as valid? Thanks for reading and sharing.
 

A:This site's security certificate is not trusted

Make sure you have the correct date and time on your computer.
 

Read other 2 answers
RELEVANCY SCORE 93.6

Seems Comodo has inserted itself into my list of Trusted Publishers in IE8 and my "Remove" button is disabled. I don't appreciate this one bit, especially since one of the certs has expired. Is this normal or cause for concern? How can I get my Remove option back? Any suggestions much appreciated. Thanks a lot!

A:Comodo Certificate Signing in IE8 Trusted Publishers

i don't see this as an issue but you are right that there should be an opt-out.You could use DelDomains - but. as it states, it will remove everythingFirstly download: DelDomains.infLocate DelDomains.inf right-click and select: InstallNote: you will not see any on-screen action ...This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.Note once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplied.

Read other 3 answers
RELEVANCY SCORE 93.6

http://myonlinesecurity.co.uk/emet-4-0-emet-detected-ssl-certificate-facebook-com-trusted/

Facebook buttons and links are embedded in so many websites, that any user who has EMET 4.0 installed will get the alert when generally surfing the web. This alert does not mean in this particular case that there is a problem with Facebook or any hijack or divert is taking place. All this “EMET detected that the SSL certificate for *.facebook.com is not trusted” means is that the rule checking the certificates inside EMET has expired on 30 December 2013. It does not mean in this particular case that the Facebook SSL certificate has expired or that anybody is intercepting or diverting your secure SSL connection to Facebook.

There are 3 cures to stop the EMET detected that the SSL certificate for *.facebook.com is not trusted alert message:

By far Cure 1 is the safest to do. All that option 2 does is delay the warning until the new date you set.

1.Update EMET 4.0 to 4.1 by going to Microsoft EMET 4.1 download and download and install EMET 4.1. This installs over the top of EMET 4.0 and retains any specific rules and settings that you have configured yourself.

2.Open up EMET 4.0, click on TRUST ( CONFIGURE CERTIFICATE TRUST) –> Click on the Pinning Rules Tab –> Under Rule Expiration for FacebookCA you can change the rule to expire next month or later and the message will go away. You can set it to when the YahooCA rule will expire on 3/13/2014 if you like and you won’t rece... Read more

Read other answers
RELEVANCY SCORE 92.8

Hi,
I am in the process to deploy EMET in my organization. My goal is to set all the settings using GPO.
As it is indicated in the User Guide 5.2, I already copied the EMET.admx and EMET.adml in the domain server and I managed to set the settings. I run gpupdate /force in the client and it works flawless.
But now, I wanted to configure the Certification Trust as well using the CertTrust.xml included in the EMET package.
how could I manage this globally in the domain?  I dont see any option in the GPO... and unfortunately, we dont use SCCM.
Many thanks in advance.
Jose

Read other answers
RELEVANCY SCORE 91.6

My browsers are hosed.  It seems that my daughter may have downloaded some malware to her computer.  When using the browser, there are all kinds of ads from *.ru websites, the browser opens up new windows, it opens by itself when the browser is closed, when trying to access Google, Youtube or Gmail, there is a security error that says "Google uses an invalid security certificate."  When clicking on links it will often take you a different link or different download.  Sorry for the vague description but I do not know what this is.  I assume it is malware. I ran SpyBot, Malwarebytes, Avast.  Below is the FRST result.  I also attached the addition.  I can post results from those scans as well as DDS, hijackthis, and OTL if needed.  Hope you guys can help. 
 
Stealthy (or not so much now, ugh!)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Student (administrator) on WINDOWS-GTUTOGA (22-12-2015 19:22:57)
Running from C:\Users\Student\Downloads
Loaded Profiles: Student (Available Profiles: Student & Cathy)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in th... Read more

A:Challenge for U! Pups/malware/adware/certificate trust errors

Hello  AstealthyOne, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  1.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool .Click on the Scan button.AdwCleaner will begin to scan your computer.After the scan has finished...Click on the Clean button.Press OK when... Read more

Read other 3 answers
RELEVANCY SCORE 91.6

When I go through the MMC, I add the snap in for certificate. When I go through the import process for Trusted People, in Win 7 you can click "show physical stores" and "local computer" becomes an option for "trusted people".
I don't see this in Win 8. I see registry, enterprise, and group policy. Which do I use, or how do I get "local computer" to show up?

Read other answers
RELEVANCY SCORE 90.8

Hi Malwaretips Team,
could someone please help confirm whether the 2 certificates in the screenshot are normal, ie do you have them to
C:\SysinternalsSuite(1)>sigcheck -tv

Sigcheck v2.53 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com





Listing valid certificates not rooted to the Microsoft Certificate Trust List:

Machine\FlightRoot:
Microsoft Development Root Certificate Authority 2014
Cert Status: Valid
Valid Usage: All
Cert Issuer: Microsoft Development Root Certificate Authority 2014
Serial Number: 07 8F 0A 9D 03 DF 11 9E 43 4E 4F EC 1B F0 23 5A
Thumbprint: F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB
Algorithm: sha256RSA
Valid from: 4:43 AM 29/05/2014
Valid to: 4:51 AM 29/05/2039
Machine\ROOT:
Microsoft Development Root Certificate Authority 2014
Cert Status: Valid
Valid Usage: All
Cert Issuer: Microsoft Development Root Certificate Authority 2014
Serial Number: 07 8F 0A 9D 03 DF 11 9E 43 4E 4F EC 1B F0 23 5A
Thumbprint: F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB
Algorithm: sha256RSA
Valid from: 4:43 AM 29/05/2014
Valid to: 4:51 AM 29/05/2039

Thank you for your time to help
My machine is scanned very regularly with Emsisoft Malwarebytes Avira and Windows Defender
and exhibits no weird behavior.
 

A:Root Certificate Confrmation

Would make sense if you're running Windows 10. Apparently, it was a bug in an earlier build with Edge.

Xiaoyin Liu on Twitter
 

Read other 1 answers
RELEVANCY SCORE 90.8

Hi there.
I have a laptop running XP Home. IE7 would not install ... and along with it, somethig called Root Certificate Update.
I did some Googling, and the places I found wanted me to find GPEDIT and GPMS.msc (spelling on that one could be wrong) but the computer said these did not exist.

I even successfully installed SP3. All other areas seem to be working fine. It just wil not install that root thing an IE7.

Please adivse.

Thank you.
Don in Tucson
AizA
 

A:IE6 and root certificate update

Have you tried installing the root certificate update separately from IE7? If you run a manual Windows Update and use the "Custom" update option, you can uncheck IE7 and leave the root certificate update selected. Then, install that update and see what happens.

Peace...
 

Read other 2 answers
RELEVANCY SCORE 90.8

Hi all,

I have just been bought some Bluetooth headphones that didn't come with
a Bluetooth receiver so I bought one from Amazon that uses CSR Harmony Stack Software.
I noticed it installed a lot of crap and decided to research it.

I found this post -

https://community.letsencrypt.org/t...s-weak-root-certificate-into-trust-store/1940

If the above is still true what risk is it to me?
Can I lessen the risk at all?
If not then would this constitute grounds for a refund?

Thanks in advance,

Rob
 

Read other answers
RELEVANCY SCORE 90.8

Hi I am Junaid Yousaf from Pakistan, I am having trouble to update the Root Certificate to access a few online activities and to add I am unable to access Microsoft's Websites especially where I could download stuff, it says "Server not found" something which would only pop if my internet connection was dead which isn't the case.

Really glad for your help as followed I have taken the instructions I was pointed to on the forum.

DDS Log....

DDS (Ver_10-10-21.02) - NTFSx86
Run by Psio at 5:04:53.46 on Fri 10/22/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1341 [GMT 5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings... Read more

A:Root Certificate and Microsoft

Another thing I'd like to mention there is something wrong with my PC, I get the ASK.com search engines for no reason, even after attempting a correctly typed email address this search engine shows up, looking forward and apologies for double post I really hope I could find the edit button.

-Regards.

Read other 5 answers
RELEVANCY SCORE 90.8

WinXP just notified me of a "Root Certificate Update"
What exactly is this and is it something I should go ahead and install?
 

A:Root Certificate Update

Yes, it's the updated security certificates for some sites and services.
 

Read other 3 answers
RELEVANCY SCORE 90.8

We are configuring NSS domain.
I was able to import 2 ENTRUST certificates to NSS DB.
Root certificate failed to import
This is a command that I run

%NSS_HOME%\bin\certutil -A -n "entrustRoot" -t "T,C,C" -i C:\AppServer\certificaterequests\cacert.crt -d %AS_HOME%\domains\nssdomain\config

Then I run this command

%NSS_HOME%\bin\certutil -L -n entrustRoot -d %AS_HOME%\domains\nssdomain\config

Received this message

certutil: could not find : EntrustRoot.
:security libary: bad database


Please help

Thank you in advance

Read other answers
RELEVANCY SCORE 90.8

Hello,
Is there a Root Certificate Guru in the house?

Here is my problem.

First I should say I reinstalled Windows XP onto C drive and had my data located on D drive this helps for saving when I get hit with virus's or whatever else. After re-installing on C I try to access the files that I think I encrypted on D I can see them but I cannot copy or use them as I don't have permission to.? If I select the file then advanced properties I see the old me as the owner of the file.

I have tried to apply my root certificate to the files but when I try to add my certificate it will not allow me to?

Any help would be appreciatted. Thanks for reading
 

A:Root Certificate problems???

Read other 7 answers
RELEVANCY SCORE 90.8

Hi I am Junaid Yousaf from Pakistan, I am having trouble to update the Root Certificate to access a few online activities and to add I am unable to access Microsoft's Websites especially where I could download stuff, it says "Server not found" something which would only pop if my internet connection was dead which isn't the case.

Really glad for your help as followed I have taken the instructions I was pointed to on the forum.

DDS Log....

DDS (Ver_10-10-21.02) - NTFSx86
Run by Psio at 5:04:53.46 on Fri 10/22/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1341 [GMT 5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings... Read more

A:Root Certificate and Microsoft

Hello.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right... Read more

Read other 19 answers
RELEVANCY SCORE 90.8

received email (windows Live, Sony Vaio,windows 7, IE vs 8 32 bit)
root
GTE Cyber...
Akamai...
*.createsend...

Security alert re certificate
Downloaded certificate
Cannot open email
cannot delete email
cannot get rid of security alert
tried reboot/restore and a million other things
click on email freezes email program
HELP me get rid of the email!
Tx
 

Read other answers
RELEVANCY SCORE 90.4

so whats up with this error message ??
Revocation information for the security certificate for this site is not available. Do you want to proceed? [Yes] [No] [View certificate]


i know it can be unchecked in security option under advanced. but is that really safe to do ???

Thx


Steven J Einhorn

Read other answers
RELEVANCY SCORE 90

My friend (still on XP-SP3) cannot connect to any secure sites that rely on the Go Daddy root certificate, saying the certificate is corrupt or altered.
I went to the Go Daddy site and downloaded the .crt file and attempted to import it into the secure store but while the Cert Manager reported success, nothing changed that I can tell. The cert is still considered corrupt and the user cannot access certain websites, such as dropbox.com and others.
I have been working in IT for years but have no experience with this particular type of problem Any help would be greatly appreciated.
 

A:Go Daddy Root Certificate is corrupt

One thing I alway check when there are any cert problems is the time and date of the machine. Although I never encountered a corruption problem. A bad date on the machine will render a certificate invalid.
 

Read other 2 answers
RELEVANCY SCORE 90

I am trying to install a vendor?s 64 bit driver on my system running Windows Embedded Standard 7. I am getting errors that the Windows does not have enough information to verify the driver's certificate. 

The vendor has told me that their drivers are digitally signed and that the issue is that my system is not connected to the internet and therefore does not receive windows updates.
They said that if the Windows Root Certificate Program could connect to the internet my issue would be solved.
My system cannot connect to the internet for security reasons. I was wondering if there is any way to fix this issue without connecting to the internet?

Read other answers
RELEVANCY SCORE 90

My client (still on XP-SP3) cannot connect to any secure sites that rely on the Go Daddy root certificate, saying the certificate is corrupt or altered.
I went to the Go Daddy site and downloaded the .crt file and attempted to import it into the secure store but while the Cert Manager reported success, nothing changed that I can tell. The cert is still considered corrupt and the user cannot access certain websites, such as dropbox.com and others.
I have been working in IT for years but have no experience with this particular type of problem   Any help would be greatly appreciated.

A:Go Daddy Root Certificate is corrupt

See http://help.smugmug.com/customer/portal/articles/84385-how-do-i-install-the-godaddy-root-certificate-in-windows- .
 
Louis

Read other 3 answers
RELEVANCY SCORE 90

Hi

I recently had a very nasty infection (zlob dns changer) Which was apparently a rootkit. I don't actually know what a rootkit is but I was made to understand that it is very bad.

I got a lot of help, first from stang777 and then from Dachew. Dachew helped me for four days until we (he) finally eliminated the rootkit.
I can not sing the praises of him and this forum enough.

I am getting an error message on boot which I assume is related to the former rootkit. It says:

validation failed for c\windows\system 32\ vsinit.dll. you are probably missing a necessary root certificate.

Other than getting the message my computer seems to be working normally.

I would greatly appreciate any advice on what it means and what to do about it.

I hope I posted this in the right place, I am still learning how to use this forum.
Jonhut

A:root certificate missing error

This file is a component of ZoneAlarm Firewall. Try uninstalling and reinstalling ZA.

Let me know if this fixes it.

~Blade

Read other 17 answers
RELEVANCY SCORE 89.6

Hello,
I am testing out our first Azure AD joined machine and have instantly ran into an issues 
All web pages are blocked PC doesn't trust websites certificate Error:DLG_FLAGS_INVALID_CA even when going to Google.com
Any advice?

Thomas Faherty

A:All web pages are blocked PC doesn't trust websites certificate Error:DLG_FLAGS_INVALID_CA even when going to Google.com

Figured it out. Becasue this is Azure AD joined and not joined the normal way it was not getting GPOs which means it didn't pick up the certificate for our CA. Once it had that I was good to go. Thomas Faherty

Read other 1 answers
RELEVANCY SCORE 89.6

Hi,
I'm running MS ATA 1.9.7312.32791 and haven't had any issues for close to two years.
I noticed yesterday that I didn't receive my daily emails from MS ATA so this morning I checked the ATA server and my event log is full of this message:
The Microsoft Advanced Threat Analytics Center service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
I went and checked the log files and in the Errors log file I see this message logged over and over:
Error [CertificateExtension] Microsoft.Tri.Infrastructure.Utils.ExtendedException: There are no matching certificates [StoreLocation=LocalMachine StoreName=My thumbprint=660CXXXXXX]
So I checked the certificates on the server and I can't find a certificate with the thumbprint of 660CXXXXXX.
If I look in MMC I do see the certificate for the server and it has shows that it was recently renewed (probably automatically thru Active directory)
I can't access the ATA website on the server to specify the new certificate.
How can I fix this?  Do I need to re-install ATA.  If I re-install will I lose all the information that has already been collected?
Thanks in advance,
Nick

Read other answers
RELEVANCY SCORE 89.2

I have Windows 7 client and Cisco router is configured as Certificate Authority. Cisco calls it IOS CA. How can I do certificate enrollment of Windows 7 client with my Cisco IOS Certificate Authority?

Read other answers
RELEVANCY SCORE 89.2

Hiya

This update addresses the "Certificate Renewal Wizard Concatenates Certificate" issue in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Knowledge Base (KB) Article Q325827. Download now to correct this issue for IIS 5.0

System Requirements
Supported Operating Systems: Windows 2000

Internet Information Services 5.0
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server

http://www.microsoft.com/downloads/...43-c72f-4652-b912-065ee2a83c02&DisplayLang=en

Regards

eddie
 

Read other answers
RELEVANCY SCORE 89.2

Hi,

Really confusing one here. Since this weekend (16/17 July) we have started getting Certificate errors on some sites and applications. This seems to be due to the structure of the URL compared to the "advertised" name IIS is presenting. I'll try
to explain.
I have a site, Website. This is in my domain, domain.com. Therefore the FQDN is website.domain.com. IIS is running and I can access this site through FQDN,NetBIOS or IP address. Good news.
I create a certificate for the server using the FQDN as the subject, I add the Netbios and IP addresses in the Subject Alternate Names and Bind this to port 443 on the server.
I browse to https://website and all is good. I browse to https://website.domain.com I get a certificate error. Checking the certificate, everything is fine, no errors, chain is trusted. open Chrome and do the same, I get that the certificate website.domain.com
is being presented by Website and may not be the site I want.
Using either URL has never been a problem until this weekend, but it seems that IE/Windows/IIS is not liking any URL that is not EXACTLY what IIS is presenting. so my questions are:-
Is anyone else finding this?
Can we issue a certificate that covers all possible DNS resolutions for a site?
How do I control WHAT IIS advertises itself as?
SO far this has affected two major systems on our network and I can see that more will arise, so any help would be appreciated.

Read other answers
RELEVANCY SCORE 89.2

Can someone walk me through the steps of having Advanced Threat Analytics (ATA) request a new certificate from Active Directory Certificate Services (ADCS)?  I'm not familiar with either product so I will need detailed steps please.  At a high-level
i'm guessing
1. ATA issues a certificate request
2. I send the request to ADCS
3. ADCS issues a cert for that request
4. Install new cert in ATA
I'll need detailed command line statements.  My ATA Center server is named ATASERVER.DOMAIN.ORG, and I but the URL is configured as ATACENTER.DOMAIN.ORG in ATA.  Can the cert handle both the servername and the URL?
Thank you in advance!

Read other answers
RELEVANCY SCORE 89.2

In Internet Explorer, when I get a certificate error, if I continue to the web site, I can then view the certificate to see what was wrong.  However, obviously it would be preferable* to see the certificate
before I make the decision to go to the site.  Is this possible?  I'm sure I could use another browser that does this, or maybe use the F12 developer tools, or write a program.   But I'm looking
for a normal-user way to do it.  I think it used to be possible in Internet Explorer, but this might have been 6.x or even earlier.  Or even
way earlier.  Yep.  I'm that old.  I believe this feature is not in Edge either...unless I'm just missing it.  But I'm using ie11 right now.
*understatement level is set to "high".

Read other answers
RELEVANCY SCORE 89.2

Good day,

I work for a company that uses an ethernet connection and a netgear switch to connect a bunch of trucks together, and then software on the main computer to control all the different trucks and display the data off the trucks, rates, pressures, engine diagnostics etc.

Lately I have had an issue with the software on the main computer locking up. When I checked the event viewer the last couple of times I had a crypt32 error right around the time the software froze. Now I understand why this is happening, because windows is trying to update the root certificates, and I'm not connected to the internet.

The questions I have are:

Do you think it's possible that windows trying to update the root certificates could interfere with the connection between the main computer and the pumps, even for just a split second, to interrupt the software?

And also how would I go about trying to recreate the windows certificate update to see if I can make this issue happen again? Is there a program that runs to update the certificates? I've tried searching the internet and can't find a name or anything. This is the most important part of these questions. Recreating this issue and seeing if it shows up in the event viewer is of the utmost importance to me.

Any help would be greatly appreciated,

Thanks.

Read other answers
RELEVANCY SCORE 89.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:53 AM, on 7/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:... Read more

A:Zone Alarms Missing Necessary Root Certificate

Read other 13 answers
RELEVANCY SCORE 89.2

Hi n thanks for checking this post,

It had been months since id been on the internet so yesterday I updated and i ran S&D, AVG, AdAware, and updated Zone alarm from 5.5 to 6 and all was well.

I left my machine running over night, it was still running in the morning but soon after turned itself off.

Now when i turn it on it give me the same error message box, twice. ( after booting into windows )

" Validation failed for C:\WINDOWS\SYSTEM32\VSINIT.dll. Your probably missing nessassary root certificate. "

I didnt go any further and fist tryed rebooting it a couple of times

sometimes the menue apears transparent and sometimes it seems ok and lauches programms no prob.

but each time the same message comes up twice.

i also tryed system restore to an earler time, same message.

also tryed doing a repair from the Windows XP Pro cd, then i get this message

" file \i386\vgaoem.fon could not be loaded. The error code is 32768 set up cant continue. "

Now this gets me worried and after a search i get different solusions, some alien to me and some conflicting; the only one i tried is

at RUN typing sfc/scannow but windows cant find it.

Now im lost and concerned, any help much apreachated. thanks in advance
 

A:Validation failed, missing root certificate ?? Help!

The commnad is sfc /scannow . notice the space after c and before / . .
 

Read other 3 answers
RELEVANCY SCORE 89.2

Hello Everyone!
This is my first post, basically I received an e-mail today from paypal, when I open it an annoying banner appeares stating my certificate is out of date & stops me doing anything else. I can't delete it & have to use task manager to close windows mail.

If I click for information it tells me it's from GTE cybertrust global root & also referrs to a 248.e.akamai.net. I have Trend Micro Internet Secuity (up to date) & can't imagine a virus has got past.

I have done a system re-store to a date five days earlier, but it's made no difference

I can no longer log onto ebay or paypal which is a problem as I am currently selling.

What is this & how do I get rid of it & get my pc back to normal??
Thanks Robert
 

A:Solved: GTE cybertrust Global Root Certificate

Read other 11 answers