There is a problem with this website's security certificate - affecting many websites

    Question

  • Hello,

    There's a problem across a domain network where many client machines (running Windows 7 and IE 10) are receiving the page:

    Note that I am accessing gov.uk - so there is no way this is an issue with the web server (I can connect to it fine elsewhere). On the Domain Controller (running Windows Server 2012R2) - the page loads fine. I have checked the time/date on the client machines, they are OK. I have tried installing the certificates, which says "Import Successful" but makes no difference in the end.

    Here is what I see on the View Certificate pages:

    Any ideas here?


    Rory Fewell

    (CCNA, MOS)

    Windows Server 2012 and Networking Fundamentals Apprentice

    Visit my site!

    View me on GitHub!


    • Edited by Rory Fewell Wednesday, November 2, 2016 11:23 AM
    Wednesday, November 2, 2016 11:17 AM

Answers

  •          

    Friday, November 4, 2016 4:59 AM
  • Good news!

    I went on the Domain Controller that was able to access the site, and I exported the GlobalSign root cert shown in Yo Mama's screenshot. I placed it on a network share and then imported this cert into the third party root store inside of the Certificates console from MMC on a test machine on the network. This solved the problem; also it's kind of a pain - I'll review the updates as well but for now, exporting the cert from a working machine and importing it on the erroring ones fixes it.

    Thanks for the help! :)


    Rory Fewell

    • Marked as answer by Rory Fewell Saturday, November 5, 2016 11:32 PM
    Saturday, November 5, 2016 11:32 PM
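
The accepted answer moves a root certificate over a network share into the machine trust store. The PowerShell below is an added example, not code from the thread: it checks the exported file against the thumbprint read on the working machine before adding it to the third-party root store. The share path and thumbprint are placeholders, and it assumes an elevated prompt on the client.

```powershell
# Added example, not from the thread. Run from an elevated prompt on the client.
param(
    # Hypothetical share path; substitute wherever the exported .cer was placed.
    [string]$CertPath = '\\fileserver\share\globalsign-root.cer',
    # Placeholder: thumbprint read from the certificate on the working machine.
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-WORKING-MACHINE>'
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $CertPath

# Thumbprints copied from the certificate dialog contain spaces; keep hex only.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

if ($expected.Length -ne 40) {
    throw "Expected thumbprint is not a 40-hex-digit SHA-1 value."
}
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not importing."
}
# A root CA certificate is self-issued; anything else does not belong in a root store.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a self-issued root: $($cert.Subject)"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period."
}

# 'AuthRoot' is the store shown as "Third-Party Root Certification Authorities".
$store = New-Object "$x509.X509Store" -ArgumentList 'AuthRoot', 'LocalMachine'
$store.Open('ReadWrite')
try {
    $found = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($found.Count -gt 0) {
        "Already trusted: $($cert.Subject)"
    } else {
        $store.Add($cert)
        "Imported $($cert.Subject) [$($cert.Thumbprint)] into LocalMachine\AuthRoot"
    }
} finally {
    $store.Close()
}
```

Left at its default, the placeholder thumbprint fails the length check, so nothing is imported until a real value is supplied.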

All replies

  • Hi Rory,

    Try, Tools>Internet Options>Advanced tab, uncheck "Warn about certificate address mismatch"...

    However, it is not recommended that you leave the above setting unchecked if you are using public access connections....

    One can expect these kinds of certificate address mismatch errors, when using public access wireless networks, when the connection is lost and then re-established or if the connection provider's usage limits or download limits are reached. The issue is not seen in other less secure web browsers because they do not test for certificate address mismatch... (MS Edge does though)

    Regards.


    Rob^_^

    • Proposed as answer by Todd Heron Thursday, November 3, 2016 12:03 AM
    • Unproposed as answer by Rory Fewell Thursday, November 3, 2016 9:59 AM
    Wednesday, November 2, 2016 11:58 PM
  • I'll see if I can try that as a workaround. This is coming up within the network, desktop machines that have had no drop-outs. One thing I suspect is that there are missing Windows Updates as I see a lot on WSUS that haven't gone through and the machines still being IE 10, I question it a bit more.

    If that workaround will at least make the page 'work', I'll check if I can do that today, and roll out Windows Updates throughout the week(s) and test until hopefully one of them makes the certificates work.

    If you have any other ideas though, or perhaps know what update might help, please let me know! :)


    Rory Fewell

    Thursday, November 3, 2016 7:16 AM
  • Yes, it should do that - although even if I explicitly go to https://gov.uk - I still get the same error page.

    Rory Fewell

    Thursday, November 3, 2016 8:54 AM
  • In addition, you could also refer to this article and check if it helps.

    "There is a problem with this website's security certificate" when you try to visit a secured website in Internet Explorer

    https://support.microsoft.com/en-us/kb/931850


    Thursday, November 3, 2016 9:46 AM
    Moderator
    I have tried those, nothing has worked so far. I have unchecked "Warn about certificate address mismatch", I have installed the certificates, I have run as administrator, I checked the time/date to be correct, I have done a reset of IE and cleared SSL cache. I still get this certificate error, I've really run out of ideas.

    Is there anything else I can try?


    Rory Fewell

    Thursday, November 3, 2016 10:01 AM
  • Good spot! In hindsight I really should have checked the certificates on a working machine first xP

    But nope, I do not see the GlobalSign root cert - my plan is that hopefully this is due to the fact that these machines haven't had Windows Updates assigned for a while. I have just spotted KB3004394 which sounds like it might do the deal, it's apparently not been assigned/installed on any computers yet so I have just assigned it. I'll update this thread when I have some results. :)


    Rory Fewell

    Friday, November 4, 2016 8:55 AM