none
Certificate Issue - Linkedin

    Question

  • Hello,

    I have an issue with several of our clients when navigating to us.linkedin.com, it is showing a certificate expiry error. The certificate shown is valid until 30/11/2017.

    If I navigate to the same URL on the same machine using Chrome or Firefox, the correct new certificate is provided and there are no issues.

    I have done the below, but all do not resolve:

    - Tested inside and outside of our proxy (eg so client is going straight to internet)
    - Selected the option to Clear SSL State in IE
    - Used certutil -urlcache * delete to clear all cache
    - Added the Inter CA DigiCert

    Am using IE Version 11.

    I am at a loss as to what this could be - any ideas?

    Thanks,

    Adam.

    • Edited by AdamW_UK Friday, December 15, 2017 3:34 PM
    Friday, December 15, 2017 3:31 PM

All replies

  • Hi,

    the File>Properties menu in IE will tell you which IE security zone the client has mapped us.linkedin.com to.

    Probably it has been mapped to the Trusted Sites zone as us.linkedin.com.

    Tools>Internet Options>Security tab, Trusted Sites icon>Sites button.... remove it from their Trusted sites list.... (you could also use a wildcard domain *.linkedin.com, but...)

    Generally, public access sites like linked in are designed to work in IE's Internet zone (or to put it another way, IE's Internet zone security settings are designed to work with 'well behaved' websites.)

    https works in any IE security zone. The Trusted sites zone has a medium security state, while the intranet zone is medium-high. There is no need to place a public domain site to force it to use https.

    Linked in can also be accessed from the one url (https://linkedin.com). Check that the link used to launch linkedin (desktop shortcut, pinned site, typed address) is the correct address.

    try using the universal address linkedin.com.


    Rob^_^

    Friday, December 15, 2017 9:30 PM
  • Hi Rob,

    Thanks for the reply.

    I have checked the Properties and us.linkedin.com it is under the Internet Zone and this is on Medium-High.

    If you go to www.linkedin.com, this handled by a different certificate, which is fine (https://linkedin.com redirects to www.linkedin.com)

    The reason this has been highlighted is that it appears that some search results link to the us.linkedin.com. So for the average user, they just click on the link and it prompts with the certificate issue, which they then come to IT to resolve.

    When I was googling this issue, the only thing I came across that could be related is that MS forgot to renew the certificate when it expired at the beginning of November, but was renewed within a few days.

    Thank you

    Adam.

    Monday, December 18, 2017 12:25 PM
  • Hi,

    which is your search engine? google uses click through links (they first request the google servers and then redirect to the actual site url...

    commonly users will place their search providers in their IE Trusted sites list to 'get things to work'...this is actually counter intuiative... the Trusted sites list has a medium level, the Internet zone, a medium high level...viz the trusted sites zone is LESS secure than the internet zone. hence the option to allow only https traffic for the Trusted sites zone.

    If they are using the linkedin search provider then it is beyond our/your control.

    <quote>

    "When I was googling this issue, the only thing I came across that could be related is that MS forgot to renew the certificate when it expired at the beginning of November, but was renewed within a few days."

    </quote>

    you may be correct... I think linkedin is one of their 'assets' that they manage or have interests in.

    so.... no more certificate errors?


    Rob^_^


    • Edited by IECustomizer Thursday, December 21, 2017 11:47 AM
    Thursday, December 21, 2017 11:45 AM
  • Hi,

    Thanks for the reply and apologies for the delay in responding.

    The end user may have been using Google to search but we have not added Google to the Security zones (we are in TS environment with GP locking down changes)

    I have been going directly to the URL - eg typing it into the address bar which will bypass searching.

    I have just checked again and the same issue is still occuring.

    I would love to know how and where IE is getting this expired certificate from. It must be a cache somewhere, but only local to IE as other browsers on the same computer work OK?

    Thanks

    Adam.


    Adam

    Wednesday, January 3, 2018 12:40 PM
  • Hi,

    Just to let you know that this is also not working using Internet Explorer on Windows Mobile (though Wifi and Mobile Network). This proves that the certificate must be cached somewhere?

    Thanks,

    Adam


    Adam

    Wednesday, January 3, 2018 12:57 PM
  • Hello,

    Just wanted to check in and report that I am seeing this exact same behavior at a client site, but with the ca.linkedin.com links.

    Only common thing I can find between affected PCs is IE on 32 bit Win7 PCs. Anything newer works just fine

    Wednesday, January 3, 2018 11:42 PM