Internet Explorer SSL certificate problem
Several times, when going to a site that uses SSL encryption, IE (version 5.2.2) has given me an error message that said something like "Unable to establish a secure connection. There is a problem with the security certificate (issuer unknown). Any information you transmit will be readable by others."

These errors have come from sites that I trust and with which IE on Win2k gives me no trouble. The problem appears to be in OS X IE's not having all the root certificates it should, as was borne out by comments from one site that I contacted. They say they've bugged MS on this, to no avail.

The workarounds:
  1. Forget IE and use Safari. On the sites I've had trouble with on IE, Safari works great. No problems with the root certs.

  2. Just say "continue" when asked if you want to continue, even though others can read your data. I suspect that IE still goes through a public key exchange, but just cannot guarantee the authenticity of the server, and for legal reasons says "others can read" to play safe. That would be smarter than not exchanging a key at all, in which case everyone snooping on your connection could read it. While I cannot personally vouch that that's what IE does, it is according to the support at the one site I conversed with.

One last thought: Is it just coincidence that, in this sense, IE works fine on Windows but not OS X? Any conspiracy theories?

Internet Explorer SSL certificate problem also affects entourage
Authored by: ryanm on Feb 19, '03 01:08:18PM

The inability of IE5.2.2 extends to the problems with downloading 3rd party certificates. Without these, Entourage cannot use SSL (as Entourage needs IE to accept the certificates). This was only a problem after the 5.2.1 update to 5.2.2.
I have contacted MS about this but they won't help because our version of Office is an academic license.

Funnily enough, they first told me to contact Apple with my IE5.2.2 problem. Imagine the Apple tech guy's response when I told him that MS told me to contact him.



[ Reply to This | # ]
Internet Explorer SSL certificate problem
Authored by: Anonymous on Feb 19, '03 01:11:02PM

IE will default to non-SSL if it has an option to. For example, if you have a site that has both an SSL version and a non-SSL version, IE will give you the error and then continue using the non-SSL version. If it only has SSL to choose from you should be good.

Alternatively you can import the certificate, if you can get your hands on it, into IE. Check www.afp548.com for more info.



[ Reply to This | # ]
Internet Explorer SSL certificate problem
Authored by: bldantes on Feb 19, '03 06:20:28PM
The problem may lie with the HTTPS server and not IE. Global site certificates issued by Verisign are signed by an intermediate certificate authority for which the public key is not in most browsers' default lists. The intermediate certificate is signed by the Verisign root CA for which the public key is in all modern browsers' default lists. The problem is that some sites that use these Verisign Global Certs are not configured properly to "chain" the actual site certificate and the intermediate certificate together in response to an SSL handshake with the browser. All they do is return the server cert for which the browser does not recognize the issuer. The reason this happened to a lot of sites recently (FirstUSA is an example) is because Verisign recently switched from returning the intermediate cert with the signed server cert to requiring their clients to download it off their web site.

It so happens that IE for Windows happens to have this intermediate cert installed (it really shouldn't) - so the misconfigured site doesn't get noticed by the vast majority of users, and the offending webmasters feel no need to notice or fix the problem.

Try the sites that are giving you problems with Mozilla or IE under Windows, which allow you to examine the bad site certificate in detail. If the issuer is "OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 Verisign, OU=Verisign International Server CA - Class 3" - this is very likely the problem, and you should contact the webmaster of that site and tell them that they need to check their SSL configuration.

[ Reply to This | # ]

Internet Explorer SSL certificate problem
Authored by: yt00 on Aug 04, '03 04:07:57AM

Well, the problem may NOT lie with the HTTPS server but IE.
I did some research on this, and found this:
http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie

I mean, just use Safari or quit using Mac..






[ Reply to This | # ]
Internet Explorer/Safari (OSX in general) SSL certificate problem
Authored by: chuckuzzo on Oct 02, '03 07:54:22PM

This one took me a long time to figure out. I have users using Mac browsers complaining about the certificate that I installed in our e-commerce webservers.

1. Go to verisign.com and copy the intermediate CA into /etc/httpd/conf/ssl.crt/gsid.crt. Here is the link to that CA:
http://www.verisign.com/support/install/intermediate.html

2. Add the following lines to your /etc/httpd/conf/httpd.conf:
SSLCACertificatePath /etc/httpd/conf/ssl.crt
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/gsid.crt

3. Restart your apache server

Chuck



[ Reply to This | # ]
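
The missing-intermediate problem bldantes describes and the chain-file fix in chuckuzzo's steps, reproduced offline as an added example (not code from either poster): a throwaway root, intermediate and server certificate are generated with openssl, then the server certificate is verified as a client holding only the root would, first without and then with the intermediate. All subject names and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: all subject names and file names are constructed for the demo.
set -e

make_csr() {  # make_csr <name> <subject>: new RSA key plus signing request
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() {  # build_chain <dir>: root -> intermediate -> server
    (
        cd "$1"
        printf '[ca]\nbasicConstraints=critical,CA:TRUE\n' > ext.cnf
        printf '[leaf]\nbasicConstraints=CA:FALSE\n' >> ext.cnf
        # Root: self-signed, stands in for the CA already in the browser's list.
        make_csr root "/CN=Demo Root CA"
        openssl x509 -req -in root.csr -signkey root.key -days 2 \
            -extfile ext.cnf -extensions ca -out root.crt 2>/dev/null
        # Intermediate: signed by the root, not in the browser's list.
        make_csr intermediate "/CN=Demo Intermediate CA"
        openssl x509 -req -in intermediate.csr -CA root.crt -CAkey root.key \
            -CAcreateserial -days 2 -extfile ext.cnf -extensions ca \
            -out intermediate.crt 2>/dev/null
        # Server certificate: signed by the intermediate.
        make_csr server "/CN=www.example.test"
        openssl x509 -req -in server.csr -CA intermediate.crt \
            -CAkey intermediate.key -CAcreateserial -days 2 \
            -extfile ext.cnf -extensions leaf -out server.crt 2>/dev/null
    )
}

# Server sends only its own certificate: the client cannot find the issuer.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.crt" "$1/server.crt" >/dev/null 2>&1
}

# Server also sends the intermediate (what a chain file makes it do).
verify_with_chain() {
    openssl verify -CAfile "$1/root.crt" \
        -untrusted "$1/intermediate.crt" "$1/server.crt" >/dev/null 2>&1
}

demo=$(mktemp -d)
build_chain "$demo"
if verify_leaf_only "$demo"; then echo "leaf only: verified"
else echo "leaf only: FAILED, issuer unknown"; fi
if verify_with_chain "$demo"; then echo "leaf + intermediate: verified"
else echo "leaf + intermediate: FAILED"; fi
rm -rf "$demo"
```

Against a live server, `openssl s_client -connect host:443 -showcerts` prints the certificates the server actually sends, which shows whether the intermediate is included.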
Internet Explorer SSL certificate problem
Authored by: ddebenedictis on Oct 20, '03 08:04:24PM

As a secure (SSL) web site operator, we are starting to get complaints from Mac users (both Safari and IE browsers) with this problem. We have Verisign certs. We have tried confirming our configuration with Verisign, and they are in fact telling us their certs do not support Mac. I am wondering if anyone has specific MS IIS configuration instructions to resolve this problem? Thank you for your time.



[ Reply to This | # ]
Internet Explorer SSL certificate problem
Authored by: coneman on Apr 20, '04 09:46:08PM

A common cause of this problem is time/date settings. Check that your clock time/date/timezone is correct.



[ Reply to This | # ]