Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Certificate not Trusted


  • Please log in to reply
7 replies to this topic

#1 Whippoorwill

Whippoorwill

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 17 March 2014 - 11:31 PM

Am running XP Pro SP3 on Dell Latitude D820.  All Windows XP & IE updates have been installed.

Suddenly, I am seeing (Topic) appearing when I attempt to login to some websites, even one for software downloaded from this site (Sun Trust...).

Most disturbing is that the login to one of my investment companies is now showing the "..not trusted" pop-up.  This is one of the largest investment companies in the U.S., so I doubt that there is a problem with their certificate, while I could easily believe that my local newspaper (another "not trusted") might not be up to date.

I have Norton installed and updated and have run Hitman, Emsisoft, AdwCleaner & ComboFix without incident but also without the desired result.

Any ideas?



BC AdBot (Login to Remove)

 


m

#2 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:10:44 AM

Posted 18 March 2014 - 01:46 AM

Try installing this update http://www.microsoft.com/en-us/download/details.aspx?id=42092

 

It updates the list of root certificates on your PC (theses tell your PC how to recognise certificates that it should trust). The update is not installed automatically with other critical or important updates, so if you've only done those, you may have missed this one.



#3 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,708 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:09:44 PM

Posted 18 March 2014 - 06:02 AM

 

Any ideas?

Check the pc time and date first.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:44 AM

Posted 18 March 2014 - 07:57 AM

Certificate errors occur when there is a problem with a certificate or the server's use of the certificate. There are various types and causes of certificate error messages and certificate security alerts. For example if the system time (clock) is not correct it can cause certificate warnings so be sure to check that as a first step in investigating the error as NickAu1 suggested.
 

Why do certificate errors occur?
How do I know there is a certificate error?
Can I go to a website that has a certificate warning?
Can I turn off certificate checking?
I'm getting errors on websites I always visit. What should I do?
Is it ever safe to ignore a certificate warning and continue to a website?
What about expired certificates? Is it okay to go to a website with an expired certificate?

What do the different certificate errors mean?

The following table contains a list of common certificate errors and information about what they mean.
Error Message:
This website’s security certificate has been revoked.
This website’s address does not match the address in the security certificate.
This website’s security certificate is out of date.
This website’s security certificate is not from a trusted source.
Internet Explorer has found a problem with this website’s security certificate.

About certificate errors: WIndows 7
About certificate errors: Windows Vista

Certificate FAQs: WIndows 7
Certificate FAQs: WIndows Vista
Internet Explorer Certificate Errors FAQs
There is a problem with website's security certificate when you visit a secured website in Internet Explorer

Information you exchange...there is a problem with the site's security certificate.
The security certificate was issued by a company you have not chosen to trust.
The name of the security certificate is invalid or does not match the name of the site.
The security certifcate has expired or is not yet valid.
This page contains both secure and nonsecure items.

Common HTTPS Secure Server (SSL) Certificate Errors

* There is a problem with the site's security certificate warning
* Secure and NonSecure Items Warning Message

In general, any website that wants to secure their site or some of it's pages with Secure Sockets Layer (SSL) must obtain a valid certificate from a trusted third party Certificate Authority (CA). A server certificate is used for authentication. There are many different types of certificates and separate certificates for every browser. Web browsers include a number of "root certificates", which belong to CAs and are distributed with 'trust bits' set by default. Browser manufacturers choose whose root certificates to include. A number of well-known CAs, such as Verisign and Geotrust, have their root certificates in all major browsers.

With Microsoft, certification authority providers are required to complete a WebTrust for Certification Authorities audit or provide an equivalent third-party attestation. See Windows Root Certificate Program Members List. All new root certification authorities for Windows are made available to end users through the Windows Update Certificate Trust List (CTL). The Update Root Certificates component in Windows is designed to automatically check the list of trusted authorities on the Microsoft Windows Update Web site when this check is needed by a user’s application. This provides maximum flexibility for CA providers and Microsoft to respond immediately in the event of an unforeseen security issue. Some anti-virus vendors require the installation of the Microsoft Root Certificate update before allowing installation.

If you try to enter a secure website that uses an expired certificate, you will get a secure website warning such as The certificate for "whatever.com" expired date/time GMT. The webmaster should update the certificate(s). When you try to view something on a secure server and get such a message this means you need to download a new certificate. If you choose to agree to accept this certificate you will be able to enter the secure site, providing it is a secure and valid site, and not an exploit or a redirected malicious site.

Useful links to learn more about Certificates and how they work:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Whippoorwill

Whippoorwill
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 18 March 2014 - 10:07 AM

Thanks a lot, especially to "x64."  Downloaded and installed the root certificate update from MS and all is well!

Now, Microsoft, why do we not find out information like this from you?  Or have it included in updates?

(rhetorical question...)

 



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:44 AM

Posted 18 March 2014 - 10:23 AM

You're welcome on behalf of the Bleeping Computer community.

Per Microsoft:

The root update package is made available through the Microsoft Update Catalog. There, users can search for and independently download the update package. You can search for "root certificate update" or the Microsoft Knowledge Base article, "KB931125," and then download the latest root certificate update package.

How to get a Root Certificate update for Windows

If you perform a custom scan when going to Windows Update, root certificate updates will show as an optional update along with any others. From there you can select it individually if you don't want any other optional updates.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:10:44 AM

Posted 18 March 2014 - 02:58 PM

Thanks a lot, especially to "x64."  Downloaded and installed the root certificate update from MS and all is well!

Now, Microsoft, why do we not find out information like this from you?  Or have it included in updates?

(rhetorical question...)

Pleased to be of service.

 

I think that the reasoning behind it, it that the automatic updating built into Microsoft operating systems is tuned to by default guide the user to install patches that significantly improve the security or stability of the software. Updates that add or improve functionality are optional, and delivered as opt-in rather than opt-out. If you've just left automatic updating turned on and assented to it updating whatever it suggested, then you'll have missed the optional updates.

 

You can see a lot more by going to https://update.microsoft.com/ This site will also update other Microsoft software on your system (as opposed to just Windows). As with the automatic updates, it will preselect the important ones, but you can pick others. Note that it can take a VERY long time (over an hour) to evaluate systems. This is a bug with the scanning components. They fixed it 2/3 of the way through 2013, then I think they might have broke it again a month or so ago,

 

x64



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:44 AM

Posted 18 March 2014 - 03:45 PM

Q. Whats the difference between Express and Custom?
A. When you check for updates, you have two options:
Express (recommended) finds all high-priority updates for your computer so you can install them with one click. This is the quickest and easiest way to keep your computer up to date.

Custom finds high-priority and optional updates. You need to review and select the updates you want to install, one by one.

Q. Do I need to install optional updates?
A. No. Optional updates address minor issues or add non-critical functionality to your computer. It is more important to install high-priority updates so that your computer gets the latest critical and security-related software.

Facts About Microsoft Update: Whats the difference between Express and Custom?

Optional updates are not downloaded or installed automatically because they are not vital for the operating system. Optional updates include what Microsoft considers useful software, enhancements and hardware that you can install manually, such as new Microsoft software (Silverlight, Bing Bar, Bing Desktop), root certificates and device drivers.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users