none
How to bypass "There is a problem with this website's security certificate." on IE9 & Windows7?

    Question

  • Hi

    I did my search and I tried everything that was suggested but I still cannot make IE9 (9.0.8112) on W7 64bit bypass the "There is a problem with this website's security certificate."

    I tried to install the certificate (as suggested here http://support.microsoft.com/kb/931850) and it was confirmed that it was installed but it didn't help.

    I tried to add the web site https://testing/ to trusted sites but it didn't help.

    I tried to untick the "Warn about cerficate address mismatch" & "Enable smartscreen filter".

    The website in question is local site used for automation testing. I was able to get rid of this in IE8.

    Thank you for any help.

    R.

    ------


    • Edited by cimenta Tuesday, July 31, 2012 5:19 AM more info
    Tuesday, July 31, 2012 5:11 AM

Answers

  • Hi,

    Security certificates are issued for given time periods. If IE determines that the current time (from your client computer) does not fall into the server certificate time range, it will give this error.

    Please go to Internet Option -> Content -> Certificates -> Untrusted Publishers -> delete website in the list for a test.


    Niki Han

    TechNet Community Support

    Thursday, August 02, 2012 6:32 AM
    Moderator

All replies

  • Hi,

    In my testing on a local server I don't bother to install a certificate as any certificate that you install will not match your production domain. The last test in the SDLC is to install to production.... there you only need to install and test the certificate once.

    Check that https://testing/ is not already being mapped to the Intranet Zone... (File>Properties) as if it is adding it to your Trusted Sites list there are security zone settings that prevent navigation to zones of lower integrity.

    for testing purposes go Internet Options>Security tab, Intranet Sites Icon, Sites button, uncheck "Automatically detect Intranet network" (I think you may have to close all IE windows and restart it for the changes to take affect).

    for public access sites assume

    that IE users will be using the default IE security zone settings... Internet Options>Security tab, click "Reset all zones to default". by default domains not in any other security zone are mapped to the internet zone.

    Test IE security zone settings by using the slider control on the Internet zone tab to increase/decrease the security level to match the default of other security zones... If your site requires users to place it in the Trusted Sites list, you are doing something wrong.... commonly sites now use sub-domains...

    eg. google.com and account.google.com

    placing just http://www.google.com in their trusted sites list breaks the google auto-login process as they navigate to account.google.com to confirm the users credentials.... the solution is either to add a wildcard domain to the trusted sites list eg. *.google.com or remove google and youtube domains from the Trusted Sites list....

    secure protocol (https) does not require the site to be placed in the users Trusted Sites list....

    the IE Phishing filter will not validate local and intranet domains... test it once in production. Be aware that some AV products provide a site validation service, that may be present in your web pages as a meta tag content value.... eg... the google site verification meta

    Other web browsers do not have the security zone model that IE users..... commonly users say to us "It works in other browsers but not IE"... our stock answer is

    "Reset all security zones to default" (and/or run IE in noAddons mode). So starting IE in noAddons mode should also be in your testing plan.

    Regards.


    Rob^_^

    Tuesday, July 31, 2012 5:57 AM
  • I tried what you suggested but it didn't help.

    R.

    Tuesday, July 31, 2012 6:11 AM
  • I tried to install the certificate (as suggested here http://support.microsoft.com/kb/931850) and it was confirmed that it was installed but it didn't help.

    So the certificate MUST be stored in Root of Trusted Sites Store. This must be selected manually. It is not good enough only to be just clicking OK/Next/Finish ;-)

    R.

    • Edited by cimenta Tuesday, July 31, 2012 6:14 AM
    Tuesday, July 31, 2012 6:13 AM
  • Hi,

    Security certificates are issued for given time periods. If IE determines that the current time (from your client computer) does not fall into the server certificate time range, it will give this error.

    Please go to Internet Option -> Content -> Certificates -> Untrusted Publishers -> delete website in the list for a test.


    Niki Han

    TechNet Community Support

    Thursday, August 02, 2012 6:32 AM
    Moderator