none
Unable to load Website which requires a personal certificate IE8 on Windows 7 RRS feed

  • Question

  • Hi

    I have a user who has been migrated from Windows XP to Windows 7 and is now having an issue with accessing one particular website which unfortunately is critical for their job.

    The site requires a personal certificate to work and in Windows XP (IE8) this site is in the Trusted Sites Zone. When you access the site it pops up the certificate verification dialog asking the user to confirm its the correct certificate and when you hit ok, you can access the site.

    On the new Windows 7 PC (IE8) the site is also in the trusted site zone and I have ensured that the same security settings for that zone are applied as we use for XP. The user contacted the website vendor who issued a new certificate which I can see successfully in the certificate store. When the user accesses the site, they get the certificate pop up asking to verify the certificate is correct (which it is), then when they hit ok, they get a page could not be displayed error.

    I have contacted the website support team and all they have been able to do is verify the certificate is correct and then politely inform me that the problem is at my end which is no help at all :(

    I have tried everything I can to ensure the Windows 7 and XP settings are identical yet the site still refuses to load on XP. The vendor is 100% certain the correct certificate is installed and I cannot think of anything else to troubleshoot.

    I have even dropped the site into the local intranet zone which is even less restrictive than the trusted site zone and this also didn't help.

    Is there some different behavior with IE8 Windows 7 and personal certificates than there is for IE8 on XP SP3?

    Thanks in advance for any help.

    Jonathan

    Wednesday, February 5, 2014 9:36 AM

All replies

  • Hi,

    When the user accesses the site, they get the certificate pop up asking to verify the certificate is correct (which it is), then when they hit ok, they get a page could not be displayed error

    nothing to do with certificates.... the problem is navigation into a security zone of lower integrity....

    for the Trusted sites listing use the * notation I/o a hardwired root domain.

    eg. *.domain.com I/0 https://secure.domain.com or http://domain.com

    or

    just remove the Trusted Sites listing... secure pages (https) work just as well mapped to the Internet zone.


    Rob^_^

    Wednesday, February 5, 2014 11:55 PM
  • Hi,

    Have you tried with administrator account?.

    Login with the local administrator of that windows 7 PC and try to access that website.

    Regards,

    Srivishnu.K

    Thursday, February 6, 2014 11:23 AM
  • Thanks for the suggestions,

    I tried the wildcard *.domain for the site and this didn't help (tried it internet, trusted, local).

    Local Admin didn't do the trick either..... the vendor is insisting that certificate is valid and installed correctly, they asked me to clear SSL state as well which I did and again still doesn't work.

    I've tried using Fiddler to see where the web traffic is going, just in case it was looking for another domain that was in a lesser security zone but all traffic seems to be going to the domain I have already entered in trusted sites.

    So my issue is still as follows, if anyone has any further suggestions.

    Certificate is installed in the personal store for the user, the vendor says its valid. When we access the website, we are prompted to verify the certificate is correct (press ok to continue, cancel etc). If we hit ok, we get page not displayed. If we hit cancel, it takes us to the alternate way of gaining access, via a username and password form. We don't have a username / password however as our method of access is certificate.

    We can access this site perfectly in XP and I have copied (as far as I can see) the same security zone settings from our XP Trusted Sites GPO to Windows 7 Trusted Sites GPO, it just refuses to work in Windows 7 for some reason. I'm not sure if some other lockdown setting outwith the security zone settings is causing something funny to happen?

    Thanks in advance.

    Friday, February 7, 2014 9:11 AM
  • Hi,

    If its not working with local administrator account disable UAC. Control panel > Change user account control settings > never notify and then try to access the website if it is still not working check event viewer to see if there is any event regarding to crypt32.dll. 

    Regards,
    Srivishnu.K

    Monday, February 10, 2014 9:16 AM