none
Constant certificate errors

    Question

  • Having a strange problem. On only one Windows 7 machine on my particular network, I constantly get certificate name mismatch errors. These come up on a variety of websites including live.com, ebay.com, and many others. It seems the browser is getting the "wrong" certificate. As an example, I may try hotmail.com. This redirects to login.live.com where I get a certificate error. The certificate presented to the browser is gateway.login.live.com. Or it might be g.msn.com or *.akamai.net or login.skype.com. Seems like its always something related but just not quite right--like some site that hosts the adds or another site from the same corporation. If I try to proceed anyway, I usually wind up with a 404 because the browser uses the URL from the certificate rather than what I typed. I've searched endlessly for some explanation or resolution and have come up with nothing. Some information about this: doesn't matter what browser I use, it's only this one machine, doesn't matter what DNS servers I use, I tried bypassing the router and connecting this machine directly to the ISP--didn't help, have reset browsers, I've cleared caches, cookies, etc. to no avail, updated root certificates and all other Windows updates, reinstalled Windows--nothing has stopped this bizarre behavior. Usually, if I just wait a while, the sites will eventually come up correctly. Lastly, it seems that some sites never suffer from this problem like my bank, etc. Can't figure out the difference between those that work and those that don't, though. Help!

    Please don't ask me to check my clock either...


    - Sugar

    Friday, April 8, 2016 2:41 PM

All replies

  • Reinstalled Windows and it's still happening?  Very strange.

    Have you tried another port on the switch that this machine is plugged into?  Perhaps something weird is happening at the switch/network level.  Just a random thought.

    Friday, April 8, 2016 5:06 PM
  • I didn't try that specifically but I did connect the machine directly to the DSL modem. Same problem unfortunately. Also, as I recall now, I didn't reinstall Windows. I got a new machine! Which is probably even weirder. It's like there's a curse on my desk. I'm starting to think something related to some software I'm using because why would the problem traverse to a new machine but only this one machine?

    - Sugar

    Friday, April 8, 2016 8:24 PM
  • Yeah, when I was first reading about your problem, I thought it was perhaps some kind of malware/virus that is redirecting you.  But if you've got a brand new machine and it's still happening, something else is up.

    Do you use a proxy server?  Any software installed that could explain any type of "redirection"?

    Monday, April 11, 2016 3:02 PM
  • Hi SugarV,

    According to your description, I suggest to startup in Clean Boot and disable antivirus software to avoid the effects of third party software. Then we could use the IE troubleshoot tool to check. Open Control Panel>All Control Panel Item>Troubleshooting>Programs>IE Performance & IE Safety. After that we could open IE in no add-on mode to exclude the influence of plugins. The link below is about how to troubleshooting in no add-on mode

    https://blogs.msdn.microsoft.com/ie/2006/07/25/troubleshooting-and-internet-explorers-no-add-ons-mode/

    Lastly we could try configure trusted Roots and disallowed Certificates. Please check the link below to follow the steps

    https://technet.microsoft.com/en-us/library/dn265983.aspx?f=255&MSPPError=-2147217396

    Hope it will be helpful to you.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, April 12, 2016 12:46 PM
    Moderator
  • I don't use a proxy server. I'm going to take a hard look at all software installed...

    - Sugar

    Tuesday, April 12, 2016 6:30 PM
  • IE 11 is currently installed on my machine. I couldn't seem to find the troubleshooter that applied to this version. I have tried IE in no add-on mode. The problem persists even in this mode. 

    I do all regular Windows Updates (which I believe include root cert updates).

    Some additional info: I primarily use Chrome as my browser. I just ran into the problem trying to reply to this thread. Clicked reply, got redirected to login.live.com and had a cert. error. Cert was l-s.microsoft.com. What is going on here? It's like instead of getting the cert for the site, I get the cert for some little piece of the site. Tried opening in IE--same problem. 


    - Sugar

    Tuesday, April 12, 2016 9:19 PM
  • Verified again that no add-on mode does not help. Also, don't really think it's a browser related setting. I sometimes have problems with Outlook and Communicator. They'll fail to sign in saying there's a problem with the certificate.

    - Sugar

    Wednesday, April 13, 2016 9:13 PM
  • Hi SugarV,

    Thank you for your reply. We could try to manually update the certificates:

    https://support.microsoft.com/en-us/kb/3004394

    Hope it will be helpful to you.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, April 15, 2016 9:42 AM
    Moderator
  • I tried this via the manual download option. (Windows 7 x64). Upon running, the message "This update does not apply to your computer." comes up.

    - Sugar

    Friday, April 15, 2016 6:08 PM
  • Hi SugarV,

    If you had install the certificates it may be prompt this error. We could check the link below to follow the steps

    https://support.microsoft.com/en-us/kb/3057448

    Then I find a similar problem in the link below, I hope it could help for you.

    http://superuser.com/questions/223024/continually-getting-https-certificate-errors-on-all-browsers

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope it will be helpful to you.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, April 22, 2016 12:39 PM
    Moderator
  • Hi Carl,

    I determined that the update package has been superseded by another. My files are newer versions than those in the update.

    I also checked the superuser thread and investigated the points mentioned there--no luck again.

    I've also verified that my list of TRCA certs is complete as well as the ICA list.

    I think the problem is not related to a trust issue. The errors I keep getting are for name mismatch as if my browser is incorrectly grabbing the wrong certificate. Case in point: trying to reply to this thread I got an error. The url is "social.technet.microsoft.com"; my browser presented me with a name mismatch error because the certificate it retrieved was for "i1.social.s-msft.com". 

    I have begun to notice that I only seem to get these problems on websites that are part of "groups" like hotmail/skype/live/outlook where one company has many different secure sites that probably share some common elements. I never get a problem with, say, my bank. All they have is https://www.<bank>.com. I also notice the problem on some sites that have ads. photo.walgreens.com sometimes throws errors when my browser retrieves a certificate for ad.click.<some-ad-company>.com.

    To sum up, it really seems like my browser is retrieving "the wrong" certificate or a cert for some "piece" of the site I am trying to get to.


    - Sugar

    Monday, April 25, 2016 6:20 PM