So following on from this thread: Quickly check something for me please? it appears that our Windows 7/8 machines cannot access https://extranet.hse.gov.uk/lfserver/external/F2508IE due to a cert error. Our XP machines are fine.
I can't get my head around the problem as Win 7 is supposed to auto grab certs as it visits pages right? So what can I do about this?
Ok so, the cert it is looking for is "VeriSign Class 3 International Server CA - G3" which is an 'Intermediate Certification Authority" and doesn't appear on our Win 7 machines.
Installed it and the site works.
KB931125 was the latest in Dec 2012. A quick reading would imply it's XP only, but...
Screen Shot 2013-03-07 at 10.55.54.png
They're under the general "updates" classification.
Last edited by pete; 7th March 2013 at 11:01 AM.
sparkeh (7th March 2013)
Yep our certs will not work on W7 until I have run the updates.Updates won't help - windows 7 doesn't get its root certs from windows update, but anyhow the machines are fully patched.
Ok let me slightly revise what I said earlier:
Interesting that they decided to push some out via WSUS.From Windows root certificate program members
Windows Vista, Windows 7
Root certificates on Windows Vista and later are distributed via the automatic root update mechanism – that is, per root certificate. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks Microsoft Update for the root certificate. If it finds it, it downloads the current Certificate Trust List (CTL) containing the list of all trusted root certificates in the Program, and verifies that the root certificate is listed there; it then downloads the specified root certificate to the system and installs it in the Windows Trusted Root Certification Authorities Store. If the root certificate is not found, the certificate chain is not completed, and the system returns an error. To the user, a successful root update is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically. In addition, Windows Vista and later client SKUs support weekly pre-fetching from Microsoft Update to check for updated root certificate properties (for example, extended validation (EV), code signing or server authentication properties, which are certificate properties added to a root certificate).
There are currently 1 users browsing this thread. (0 members and 1 guests)