Computer Support Forum

Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

Question: Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

Hi,
I am trying to install CA root certificate on Windows 7, IE 9.
Encounter error: "Untrusted Certificate". "This certificate cannot be verified up to a trusted certificate authority."
I have tried to install the certificate to Trusted Root Certificate Authorities->local computer and import was successful. BUT on IE->Internet Options->Certificate->Trusted Root Certificate Authorities, I am unable to find this root CA on
the list.
On mmc->Certificates->Trusted Root Certificate Authorities->certificates, I am able to view this root CA.
I then restarted the IE and view the ssl site again but failed too, "Untrusted Certificate".
Anyone, any idea ?
Regards,
Eye Gee

Relevance 100%
Preferred Solution: Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Unable to Install Root CA Certificate - Certificate cannot be verified up to a trusted certificate authority.

May the following workarounds work for you:
Workaround 1:
Modify the Windows settings to allow the Update Root Certificate feature to update the root certificates automatically. For details, see the following Microsoft TechNet article:
Certificate Support and Resulting Internet Communication in Windows Server 2008
http://technet.microsoft.com/en-us/library/cc771121(WS.10).aspx
Workaround 2?
If the Update Root Certificate feature cannot automatically update the root certificates, you may contact the website vender to see if there is a hotfix can fix the issue.

8 more replies
Relevance 159.21%

Hello,

I am trying to resolve an issue where multiple client computers in the organisation are using an internally deployed Root CA certificate (before my time and no longer required) to sign the end entity certificate for external websites, google.co.uk
for example. All SSL sites appeared to be affected by this.




However this is not the case as sub domains of sites with issues show the correct cert chain, the below is for mail.google.com




Removing or untrusting this root ca cert breaks access to these sites.

I have reset root certs in various ways, removed machines from the domain, applied no GPOs, manually updated CRL and pulled down updated certs with rootsupd.exe.
It always attempts to use this rouge CA cert to sign the websites cert.

Any assistance would be much appreciated.

More replies
Relevance 141.52%

(I'm cross posting this from
https://answers.microsoft.com/en-us/ie/forum/ie11-windows_7/a-certificate-chain-processed-but-terminated-in-a/e6895c7e-c6b9-4a96-a5f5-a4dcd40b7b45 as directed by the forum moderator there.)
Hello,

First, I have reviewed the other posts with similar questions and noted that I can install the certificate into root certificates and most likely this problem will go away, some specifics:

1) When a client reported this error using a pop.secureserver.net on an outlook 2003 client, I just figured it was godaddy or the REALLY old Outlook client, but nonetheless, I went in to troubleshoot it and was convinced it was godaddy, but when I tried
to start my Outlook 2016 client on my Windows 10 computer on their network, I got the same error.  Two notes are important: 1) I use godaddy as well and 2) I used the same computer at a different client just yesterday without a single error message.
2) They use POP 995 w/ SSL & SMTP 465 w/ SSL to pop.secureserver.net & smtpout.secureserver.net repsectively
3) I called the company that manages their firewall and was told that everything was fine, but was sent a certificate from the firewall that might fix the problem.
4) The firewall company tells me they use a fortinet firewall

I have some questions that I'm hoping one of the experts here can answer for me:

- What in a firewall setup can cause a certificate to fail as listed in the subject?
- Is there a port or configuration change they... Read more

More replies
Relevance 119.48%

Is there a rvkroots.exe available for download for the mentioned KB so that I can remediate a Nessus finding?
We are on a disconnected network so windows update is disabled in our network.
In the past we are able to just download rvkroots.exe and push it out to all our Win7 computers.

More replies
Relevance 113.97%

I'm looking at my TRCA list to guard against man-in-the-middle attacks. It's too large to post here, of course, and mostly they look legit, but are there any rogue CAs for which I should look out? Ones that have caught my eye are 'NO LIABILITY ACCEPTED (c)97 Verisign' and a couple which start 'thawte' as opposed to 'Thawte'.

I'm running Windows 10 in a domain and I don't believe I've installed anything untoward - but that's always the case, isn't it?
 

More replies
Relevance 113.1%

We are experiencing this problem with a few workstations and laptops and what we are currently doing is exporting the CA certificate from a workstation that has it in its store and importing it. The problem with this is that the certificate will eventually
expire and we will have to re import a new one again. I don't believe it is a group policy issue because other computers in the same OU are not missing the certificate.

Cany anyone shed light on how to troubleshoot this or how to force (if possible) the workstation to download the CA certificate?

Thank you in advance.
Jose

More replies
Relevance 113.1%

Hello,
I've a very nasty issue with root CA certificate that's disappearing from the trusted root authorities store. I'll shortly describe the environment: 
- Two tier PKI infrastructure with a offline, standalone root CA and a domain joined Enterprise issuing CA (both W2012R2); root CA certificate is published in AD
- There's a parent and child domain. Issuing CA lives in parent domain (2012R2 domain&forest level)
- Employees are working on a 2012R2 RDS&Citrix XenApp 76 server in the child domain
- In the parent domain several servers are using a SSL certificate signed by the company owned issuing CA; it's a SAN certificate
- The root CA's certificate is in the Trusted Root Certification Authorities store of all member servers in parent & child domain (so, that's also valid for the 2012R2 RDS servers)
The issue is that the certificate of the root CA that's in the trusted CA store of all RDS servers is being deleted on a regular base (at least once a day on each RDS-server). I enabled CAPI2 logging, but I couldn't find anything that makes sense. However
I'm able to reproduce this issue in very simple way: if I start IE11 on a RDS-server and browse to the IP-adres or NETBIOS-name of a webserver that host a site that's using a certificate from our PKI (so, it's clear that the URL isn't matching the names entered
in the SAN certificate) and I click on 'Continue to this website (not recommended)', the root CA's certificate is being removed from trusted... Read more

More replies
Relevance 100.34%

When I go through the MMC, I add the snap in for certificate. When I go through the import process for Trusted People, in Win 7 you can click "show physical stores" and "local computer" becomes an option for "trusted people".
I don't see this in Win 8. I see registry, enterprise, and group policy. Which do I use, or how do I get "local computer" to show up?

More replies
Relevance 99.18%

Hi,

Really confusing one here. Since this weekend (16/17 July) we have started getting Certificate errors on some sites and applications. This seems to be due to the structure of the URL compared to the "advertised" name IIS is presenting. I'll try
to explain.
I have a site, Website. This is in my domain, domain.com. Therefore the FQDN is website.domain.com. IIS is running and I can access this site through FQDN,NetBIOS or IP address. Good news.
I create a certificate for the server using the FQDN as the subject, I add the Netbios and IP addresses in the Subject Alternate Names and Bind this to port 443 on the server.
I browse to https://website and all is good. I browse to https://website.domain.com I get a certificate error. Checking the certificate, everything is fine, no errors, chain is trusted. open Chrome and do the same, I get that the certificate website.domain.com
is being presented by Website and may not be the site I want.
Using either URL has never been a problem until this weekend, but it seems that IE/Windows/IIS is not liking any URL that is not EXACTLY what IIS is presenting. so my questions are:-
Is anyone else finding this?
Can we issue a certificate that covers all possible DNS resolutions for a site?
How do I control WHAT IIS advertises itself as?
SO far this has affected two major systems on our network and I can see that more will arise, so any help would be appreciated.

More replies
Relevance 99.18%

Hiya

This update addresses the "Certificate Renewal Wizard Concatenates Certificate" issue in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Knowledge Base (KB) Article Q325827. Download now to correct this issue for IIS 5.0

System Requirements
Supported Operating Systems: Windows 2000

Internet Information Services 5.0
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server

http://www.microsoft.com/downloads/...43-c72f-4652-b912-065ee2a83c02&DisplayLang=en

Regards

eddie
 

More replies
Relevance 99.18%

In Internet Explorer, when I get a certificate error, if I continue to the web site, I can then view the certificate to see what was wrong.  However, obviously it would be preferable* to see the certificate
before I make the decision to go to the site.  Is this possible?  I'm sure I could use another browser that does this, or maybe use the F12 developer tools, or write a program.   But I'm looking
for a normal-user way to do it.  I think it used to be possible in Internet Explorer, but this might have been 6.x or even earlier.  Or even
way earlier.  Yep.  I'm that old.  I believe this feature is not in Edge either...unless I'm just missing it.  But I'm using ie11 right now.
*understatement level is set to "high".

More replies
Relevance 97.73%

Yesterday i had a problem with one on my computers. Its ok now but when i go on my email accounts. Security certificate could not be verified keeps coming up. Could you direct me to some links that may help me fix this Thank you.

Answer:Security certificate could not be verified

Sounds like it's still not OK now. Can you post a screenshot of what you're describing?

6 more replies
Relevance 97.15%

Hi,
Having some fun with a windows 7 setup of DirectAccess, have it configured to use ECC certificates on the client for the IPSec authentication, which was working brilliantly, we even have it loaded up behind a Citrix Netscaler to do SSL offloading of the
HTTPS tunnel encryption. But when trying to get Client Preauthentication working, we hit a snag, it seems that the NetScalers dont support ECC certificates, which is a pain, but something we thought we could work around by using an RSA certificate on the client
to performed the pre-authentication (as shown here https://directaccess.richardhicks.com/2016/05/10/directaccess-ip-https-preauthentication-using-citrix-netscaler/).
So we have three CA's, CA1/2 issue RSA certs and CA3 is setup to do the ECC ones, so nice separation of the chains.
So we have our Cert chain for RSA loaded into the load balancer and a new cert issued to the client from CA1... But, every time the client connects to the server (LB) we see the handshake taking place, the server sends a list of its DNs (CA1/2) (https://blogs.msdn.microsoft.com/kaushal/2015/05/27/client-certificate-authentication/)
to the client, but then the client looks in its store, picks out the ECC certificate (issued from CA3) and fails to authenticate saying no suitable certificate can be found, its like its not even looking at the RSA one at all.
So, thinking something was wrong with the way the LB was asking for client authentication, I tried deleting the ECC cert a... Read more

More replies
Relevance 97.15%

Hey everyone. I'm setting up a company forum on an internal machine behind the company's firewall. Using standard naming convention, the internal machine will be machine.local, whereas the external FQDN will be machine.company.com.

Obviously, I can't have the common name on the certificate be machine.local, because there is no way to make that name resolve externally. How can I prevent the inevitable "domain name mismatch" error when creating a certificate for the machine behind the firewall?
 

Answer:SSL certificate behind a firewall - Preventing certificate error

Do you really need SSL if you're behind a firewall?

You could create a separate self-signed certificate and manually install it on the clients. Or you could set up your own certificate server and host self-signed ones, then set up clients to trust your own certificate server.

I just did something like this today at work, but fortunately our internal domain is also company.com (we just run separate internal and an external DNS)
 

4 more replies
Relevance 97.15%

Good Day



We have a problem where we encrypted files using EFS, however we can't access or decrypt these files now.

We have the certificate in the certmgr.msc but we do see that the key is missing.



I have reproduced this on another computer and was able to run certutil -repairstore -user MY "Serial Number" which worked in repairing the store and files was decryptable again.

However on the machine that encrypted the files that we need to access this is not the case as there is a popup asking for your Smart Card.

We are not using Smart Cards at all, and have had a look at the following article regarding this issue, but the hotfix didn't work: https://support.microsoft.com/en-us/kb/2955631




I have software that can remove the encryption but will require the .pfx file, which can't be exported as the certstore doesn't show that it still has this.



It is a self signed certificate generated by Windows, so I can't request a new one using the CA.


Thanks for your help in advance.

More replies
Relevance 97.15%

Hello 

After Install Windows 7 and windows 10 on  trusted  root certificate  i get minimal Certificate i need all Certificate 

for example ( verisign, comodo)

i work offline ,  no Wsus Server 

More replies
Relevance 95.41%

I'm more technically inclined, so this problem has fallen to me: We are having a problem with my Girlfriends computer running Vista Home Premium with Incredimail accessing a gmail email account. Every few hours the following pop up window appears:

First it states that it's from Incredimail, then the following: "The server you are connected to is using a security certificate that could not be verified, do you want to continue using this server? Yes / No". I have been clicking Yes thinking the problem would resolve itself.

Three days now and the warning is still appearing.

I'm assuming Incredimail is referring to the gmail servers. I also have a gmail account, the only difference being I'm using Mozilla Thunderbird. I am not receiving any warning of any kind.

Any ideas on what's going on? Any ideas for a fix?

Thanks for your help.
 

Answer:Incredimail on Gmail; Security Certificate Could Not be Verified

Do you get any security warnings when you log in to gmail with a web browser.
Posted via Mobile Device
 

3 more replies
Relevance 95.41%

I keep getting the following error each time I open MS Outlook 2003 the first time after each shutdown:
---------------------------
Internet Security Warning
---------------------------
The server you are connected to is using a security certificate that could not be verified.

The certificate's CN name does not match the passed value.

Do you want to continue using this server?
---------------------------
Yes No
---------------------------

I always respond Yes and it seems to work OK.

More replies
Relevance 94.83%

I'm treading on some ground that is fairly new (yet old) to me and need some advice.

I have a web-based application that is currently on on a closed network that I am needing to make available to the public internet. I would like to secure the connections with SSL, but am not sure if it is necessary to purchase an SSL certificate from a major player (VeriSign). It would seem possible to host my own CA, but I'm not sure what the downside to this would be. I will have face-to-face interaction with each user that will connect to this web app, so if the only downside is an error about trusted sites, I can live with that.

What do you guys think? Is it better to just buy the certificate from a vendor, or is this type of purchase only necessary for less private sites (like shopping carts)?

Also, if using Windows Server 2k3 r2, what precautions would you recommend when using the CA service in this manner? Is it better to have the CA on the same server as the web app, or on a totally separate box?
 

Answer:certificate authority

If both parties trust each other completely, then sign your own certificate. The only downside, like you said, is an error message. The other party can install a certificate locally so that error won't show.

But SSL certs can run as low as $75.

You don't want to run your CA on the same server as your web server if you're signing out multiple certificates. If your CA was compromised, all certs would be compromised. Your CA should not be exposed to the internet and in more secure situations, you would want your CA turned off or disconnected from the network to limit exposure.
 

1 more replies
Relevance 94.25%

Very annoying problem.
XP Pro with IE6 on desktop computer.
Trusted Sites contains: https://pilotweb.nas.faa.gov

When ever I go to the following site I get a Security Alert that states that the certificate was issued by a company that I have not chosen to trust...would I like to proceed, or install the certificate. Normally, I just click "YES" to proceed and I get my data. Sometimes I'll re-install the certificate as if it will do any good for next time...but it doesn't.

Here's the URL:

https://pilotweb.nas.faa.gov/geo/fl...Z&icao_id=RDU&icao_id=RWI&radius=10&options=A

Any ideas of what I can do so that this site is always trusted and I no longer get the Security Alert?

Thanks so much,
Tom
 

Answer:IE6 trusted certificate

7 more replies
Relevance 93.96%

Hi all !

Could somebody please help me out and explain following 4 questions

-> What are the main difference between a a self-sign certification implementation and a PKI?
-> What is the difference in the trust model between X500 certificates and openPGP keys?
-> What is the main difference between file encryption and rights management
-> What are the steps followed within an RM Solution, when a file is protected and authorized user attempts access?

Would be really nice to have a short explanation, not like the one I have myself of a full A4 page

Thanks to all in advance
 

Answer:Certificate authority questions

Sorry but we don't do homework so for that reason, together with the fact that you've posted this on at least two other sites, I'm closing this thread.
 

1 more replies
Relevance 93.96%

Recently purchased a windows XP CD from Ebay ,a legitimate (Dell) unregistered , wrapped CD but with no 25 digit Certificate of Authority (COA) so unable to install.Seller won't answer e-mail but before reporting to Ebay would like to know how I1) can find the COA 2) insatll Les

Answer:Certificate of Authority for CD software

A company that I consult for has just upgrade dall their dells. This involved dumping loads of XP disks. None of them had the COA as they were stuck on the base units. I would suggest that you have be sold a pup. the wording of the Ebay advert is very important and you need to read it carefully...did he advertise an XP disk or a disk and COA. In any case I would nail him pronto.G

2 more replies
Relevance 93.67%

I have a problem with install multiple digital certificate (PKF format) to allow access to one website with different account ID.

Every time I installed the certificate, it is working and allow me access to the website with relevance ID. However, the installed certificate will be missing if I continue to install with another certificate. The way I install the certificate is just double click on the PKF certificate that provided by the website admin, then kept click on the next button until its finish the installation steps. All the certificates will install to "Personal" certificate store folder, but the problem is only one certificate will remain.

I ever try to import all the certificate with using windows certificate manager, is allow me to import all the certificates and able to let me access to the website with select different certificate to login with selected account ID. Anyway this method is only workable if the Internet Explorer is not close after install all the certificates, once the Internet Explorer is close, then all the certificates were gone.

The motioned problem PC is running on Windows XP SP3 with latest update. And the using internet explorer is version 8 with latest update as well.

I had try to reset the Internet Explorer to default, but is not working so, appreciate is anyone can guide me to solve this problem

Answer:PKF certificate missing after new certificate was installed

Under "Content" in Internet Options, are all your certificates there? Mine are. Either your Admin. or the issuer should have your answer. Some PKFs are not compatible with all OSs or Browsers. Try downloading certificates to Firefox or Chrome and see if that works.

2 more replies
Relevance 93.67%

I based my actions amongst others on this source:https://www.adlerweb.info/blog/tag/procurve I am using openssl to create my own CA for my company's switches etc.  and i am having trouble with a number of recent procure switches. I created a root CA (2048 bits rsa, sha1 so as not to make things too difficult)I created a custom TA called "netwerk", uploaded the CA root certificate, so far so good Created a CSR:crypto pki create-csr certificate-name sw1113  ta-profile netwerk usage web subject common-name sw1113 key-size 2048 the rest of the info and extensions like CDP alternative names etc. is being pushed while signing in openssl via an extensions file resulting CSR processed with openssl (keeping it a simple 2048/sha1 leafcertificate) Signed this CSR with the afore mentioned and uploaded root certificate: Resulting PEM pasted to install the generated leaf certificate sw1113(config)# crypto pki install-signed-certificatePaste the certificate here and enter:-----BEGIN CERTIFICATE-----MIIEGjCCAwKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCTkwx.....ASCspazUcVeCueTvvVLr4UPObJB1/IBHKHCwkN7nuaTHuiDD8tQzOlWaxry4MsEFGXojuFv1YtFAtlgLlwxvqndi2NysNyqcnZR1o4l0qe4eSrIlUrCyrvyieK5rdQ==-----END CERTIFICATE-----Certificate being installed is not signed by the TA certificate. So, what is going on? The leaf cert is definitely signed by the root cert that was uploaded as TA cert.    Would really appreciat... Read more

More replies
Relevance 93.38%

I've just installed and got up and running an Exchange 07 server at home to do my own email hosting (for the record, some of my knowledgeable friends think I'm a nutter). It's working brilliantly; however, I need a trusted web server certificate and SBS 08 walks you through "requesting" such a certificate. However, it's not very clear whether this actually results in such a certificate, nor how it might arrive.Most of the time if I access my email etc via Outlook Web Access, I can tell the browser to ignore the fact that the server doesn't have that certificate, however, I can't sync my Windows Mobile phone with the Exchange server as you can't tell it to ignore the absence of the certificate.Which is a long-winded way of saying: can anyone either tell me how to get the certificate; does it cost money (I'm assuming the answer is yes) or point me in the direction of a tutorial somewhere? I haven't turned up much by Googling.Thanks, folks.

Answer:Trusted web server certificate

Cant help,but do agree with your friends lol

2 more replies
Relevance 93.38%

Am running XP Pro SP3 on Dell Latitude D820.  All Windows XP & IE updates have been installed.
Suddenly, I am seeing (Topic) appearing when I attempt to login to some websites, even one for software downloaded from this site (Sun Trust...).
Most disturbing is that the login to one of my investment companies is now showing the "..not trusted" pop-up.  This is one of the largest investment companies in the U.S., so I doubt that there is a problem with their certificate, while I could easily believe that my local newspaper (another "not trusted") might not be up to date.
I have Norton installed and updated and have run Hitman, Emsisoft, AdwCleaner & ComboFix without incident but also without the desired result.
Any ideas?

Answer:Security Certificate not Trusted

Try installing this update http://www.microsoft.com/en-us/download/details.aspx?id=42092
 
It updates the list of root certificates on your PC (theses tell your PC how to recognise certificates that it should trust). The update is not installed automatically with other critical or important updates, so if you've only done those, you may have missed this one.

7 more replies
Relevance 92.22%

Can anyone help with this problem, always appears when searching up sites, with a red line through the https URL address box? Also FB and Youtube appear in written text when accessing them can't access anything on them either no pics, movies etc...

Answer:The sites security certificate is not trusted!

First take as look at your date and time on your taskbar to see if they are correct. If so read HERE

2 more replies
Relevance 92.22%

I use the Chrome Browser for my internet surfing. When I attempt to log on to the Federal Government's website "ebenefits.gov", I get a warning that states "The sites security certificate is not trusted". I tell it to proceed anyway and it goes to the Veterans Administration website where I can check the status of a disability claim I filed last year. With Firefox, you could tell the browser to accept the certificate once, and it never asked presented the error again. With Chrome, you have to do it every time you go to the website. This is a primary government site for the VA and DOD and I trust it. Any idea how I can get Chrome to accept its certificate as valid? Thanks for reading and sharing.
 

Answer:This site's security certificate is not trusted

Make sure you have the correct date and time on your computer.
 

2 more replies
Relevance 92.22%

Whenever I go to add an extension via the google chrome webstore, it loads up a page titled 'security error' which explains that the security certificate is not trusted. Also, if I try to search anything on Google, it either loads up a page that says 'access to proxy requires some authentication' or it loads search results that have nothing to do with the search topic. The Google homepage in question brings up a Google homepage that looks the same as the REAL Google but has slight differences (i.e different sized text) so there is obviously something dodgy going on. I had this problem a while back which resulted in me having to edit a txt file and get rid of a load of websites but I can't remember where. I'm pretty sure it's one of those viruses that hack google (or creates a similar looking site) and redirects you to random sites.

Answer:Google's security certificate not trusted

scratch that! the problem was with the hosts file located in c://windows/system32/drivers/etc/hosts and to fix it i went to the microsoft website where there is a fix that resets your hosts file to the default one, thus fixing the problem. The fix can be found here at the microsoft website http://support.microsoft.com/kb/972...Now I can search on Google fine and have no more issues! =)

3 more replies
Relevance 92.22%

Option "Find Certificate" is missed when I try to edit certificate on another computer using mmc.Could you please let me know how can I solve that? I'm sure I'm admin on the remote machine.

More replies
Relevance 91.93%

is a certificate authority required for a windows domain? I have a domain that spans three locations but all servers are located at a central spot. I have an old exchange box that does nothing but store public folders and it is also a certificate authority. I want to demote that box to a regular box that way I can move the directory to a 2008 level (trying to remove all functions from the old boxes to the new boxes so that I can find what the slow down on my network is)
 

Answer:certificate authority required on a windows domain?

Depends on what your doing. On the most part No.
 

4 more replies
Relevance 91.93%

Hey guys, just wondering if anyone is an expert at CA servers on Windows 2003 domain.

I want to be able to install a test CA (not Computer Associates) server and install certificates for our intranet sites so that I can authorize scripts and programs w/o getting security prompts for end-users.

If I install it on a test server, if removed is there going to be remenance left on AD and if so, any way of checking where it is?

If test server is successful, any recommendation whether to place it on a DC?

Can it be used in place of other certs (thawte or verisign) for servers in public domain?
 

Answer:Certificate Authority server (Windows 2003)

I'm no expert, my experience is limited to setting up a CA for use with an L2TP VPN.

Once you set up the CA it's added to Active Directory, and that computer goes into the "Domain Controllers" OU. I've noticed no ill effects from this, and simply deleting it from the OU again had no real effect. I might be wrong here though. I set up CA on a separate server from the DC, mostly because I never want to touch the DC. No idea on whether its better to do it that way, or to put it on the DC.

I think the point of CA is to allow you to serve up those verisign or thawte certs no?
 

10 more replies
Relevance 91.93%

CNNIC, a certificate authority for the Chinese Government, issued a trusted subordinate (intermediary) certificate to MCS Holdings. This allowed MCS Holding to issue and use a SSL/TLS certificate for any website, but it was expected it would only be used on websites they owned. Instead, it was used internally (and stored in plaintext) to perform a man in the middle attack against all traffic within their company. 
 

 
On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC. 
CNNIC is included in all major root stores and so the misissued certificates would be trusted by almost all browsers and operating systems. Chrome on Windows, OS X, and Linux, ChromeOS, and Firefox 33 and greater would have rejected these certificates because of public-key pinning, although misissued certificates for other sites likely exist.
We promptly alerted CNNIC and other major browsers about the incident, and we blocked the MCS Holdings certificate in Chrome with a CRLSet push. CNNIC responded on the 22nd to explain that they had contracted with MCS Holdings on the basis that MCS would only issue certificates for domains that they had registered. However, rather than keep the private key in a suitable HSM, MCS installed it in a man-in... Read more

More replies
Relevance 91.35%

I have a problem writing to my NAS. The solution for Win 7 was to click on the Certificate Error certificate the device presents in the address bar of IE11, select View Certificates, click on Install Certificates, Click Next, Place all certificates in the following store, Browse and select Trusted Root Certification Authority and Click OK.

How do I do this in Win 10?

Answer:How do you add a local device certificate to the trusted store?

Ctrl Panel\Credential Manager\Windows Credentials

The username is computername\username. Don't forget the comp name prefix.

6 more replies
Relevance 91.35%

http://myonlinesecurity.co.uk/emet-4-0-emet-detected-ssl-certificate-facebook-com-trusted/

Facebook buttons and links are embedded in so many websites, that any user who has EMET 4.0 installed will get the alert when generally surfing the web. This alert does not mean in this particular case that there is a problem with Facebook or any hijack or divert is taking place. All this “EMET detected that the SSL certificate for *.facebook.com is not trusted” means is that the rule checking the certificates inside EMET has expired on 30 December 2013. It does not mean in this particular case that the Facebook SSL certificate has expired or that anybody is intercepting or diverting your secure SSL connection to Facebook.

There are 3 cures to stop the EMET detected that the SSL certificate for *.facebook.com is not trusted alert message:

By far Cure 1 is the safest to do. All that option 2 does is delay the warning until the new date you set.

1.Update EMET 4.0 to 4.1 by going to Microsoft EMET 4.1 download and download and install EMET 4.1. This installs over the top of EMET 4.0 and retains any specific rules and settings that you have configured yourself.

2.Open up EMET 4.0, click on TRUST ( CONFIGURE CERTIFICATE TRUST) –> Click on the Pinning Rules Tab –> Under Rule Expiration for FacebookCA you can change the rule to expire next month or later and the message will go away. You can set it to when the YahooCA rule will expire on 3/13/2014 if you like and you won’t rece... Read more

More replies
Relevance 91.35%

Seems Comodo has inserted itself into my list of Trusted Publishers in IE8 and my "Remove" button is disabled. I don't appreciate this one bit, especially since one of the certs has expired. Is this normal or cause for concern? How can I get my Remove option back? Any suggestions much appreciated. Thanks a lot!

Answer:Comodo Certificate Signing in IE8 Trusted Publishers

i don't see this as an issue but you are right that there should be an opt-out.You could use DelDomains - but. as it states, it will remove everythingFirstly download: DelDomains.infLocate DelDomains.inf right-click and select: InstallNote: you will not see any on-screen action ...This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.Note once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplied.

3 more replies
Relevance 91.35%

I am trying to configure the SecureAPlus whitelisting settings, and one of the options is to allow anything on the Microsoft Trusted Certificate List to be trusted as an installer.
Is the Microsoft list safe, more or less?
 

Answer:SecureAPlus: Allow Microsoft Trusted Certificate List?

There are circumstances that Microsoft Trusted Certificate can be abused by intruders as meant of bypass which why the configuration is disabled by default as it can reduce the protection.

But still its only a 'circumstance', it can happen but not prevalent anywhere.
 

3 more replies
Relevance 90.77%

Researcher Exposes Flaws in Certificate Authority Web Applications.

SSL certificate validation process easy "to game," he says

-- Tom
 

More replies
Relevance 90.77%

Hello!

I have enterprise Certificate authority working at Windows Server 2008r2. All today available updates from Microsoft are installed on the server. 

Through the web interface in the browser IE11 is impossible to request user certificate - when you press "submit" button for certificate request, nothing happens.

At another PC with IE9 all works fine - i can submit request and recive certificate from CA

I installed all available updates for Windows and IE11, but its not resolve problem. I tryed to add CA to Trusted Sites, to set IE11 security settings to minimal level - it not helps 

I found article which describes this problem https://support.microsoft.com/en-us/kb/2988411 , but I have all necessary updates are installed on IE11, including those referred to in article.

How to solve this problem? Use console to request the certificate does not offer, i must be able to request it via the web interface

More replies
Relevance 89.9%

Hi there.
I have a laptop running XP Home. IE7 would not install ... and along with it, somethig called Root Certificate Update.
I did some Googling, and the places I found wanted me to find GPEDIT and GPMS.msc (spelling on that one could be wrong) but the computer said these did not exist.

I even successfully installed SP3. All other areas seem to be working fine. It just wil not install that root thing an IE7.

Please adivse.

Thank you.
Don in Tucson
AizA
 

Answer:IE6 and root certificate update

Have you tried installing the root certificate update separately from IE7? If you run a manual Windows Update and use the "Custom" update option, you can uncheck IE7 and leave the root certificate update selected. Then, install that update and see what happens.

Peace...
 

2 more replies
Relevance 89.9%

Hi all,

I have just been bought some Bluetooth headphones that didn't come with
a Bluetooth receiver so I bought one from Amazon that uses CSR Harmony Stack Software.
I noticed it installed a lot of crap and decided to research it.

I found this post -

https://community.letsencrypt.org/t...s-weak-root-certificate-into-trust-store/1940

If the above is still true what risk is it to me?
Can I lessen the risk at all?
If not then would this constitute grounds for a refund?

Thanks in advance,

Rob
 

More replies
Relevance 89.9%

received email (windows Live, Sony Vaio,windows 7, IE vs 8 32 bit)
root
GTE Cyber...
Akamai...
*.createsend...

Security alert re certificate
Downloaded certificate
Cannot open email
cannot delete email
cannot get rid of security alert
tried reboot/restore and a million other things
click on email freezes email program
HELP me get rid of the email!
Tx
 

More replies
Relevance 89.9%

Hi I am Junaid Yousaf from Pakistan, I am having trouble to update the Root Certificate to access a few online activities and to add I am unable to access Microsoft's Websites especially where I could download stuff, it says "Server not found" something which would only pop if my internet connection was dead which isn't the case.

Really glad for your help as followed I have taken the instructions I was pointed to on the forum.

DDS Log....

DDS (Ver_10-10-21.02) - NTFSx86
Run by Psio at 5:04:53.46 on Fri 10/22/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1341 [GMT 5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings... Read more

Answer:Root Certificate and Microsoft

Another thing I'd like to mention there is something wrong with my PC, I get the ASK.com search engines for no reason, even after attempting a correctly typed email address this search engine shows up, looking forward and apologies for double post I really hope I could find the edit button.

-Regards.

5 more replies
Relevance 89.9%

Purchased this Acer TravelMate 212TX in Italy -- year 2000 with Windows Me preinstalled.It shows a error message :" Validation failed for C:\\WINDOWS\SYSTEM\VSINIT.DLLYou probably missing a root certificate "System won't connect to web, will not restart to any previous date, won't Troubleshoot, won't start in safe mode; in short, unusableCan anyone , please, have a suggestion to resolve this problem

More replies
Relevance 89.9%

Hi I am Junaid Yousaf from Pakistan, I am having trouble to update the Root Certificate to access a few online activities and to add I am unable to access Microsoft's Websites especially where I could download stuff, it says "Server not found" something which would only pop if my internet connection was dead which isn't the case.

Really glad for your help as followed I have taken the instructions I was pointed to on the forum.

DDS Log....

DDS (Ver_10-10-21.02) - NTFSx86
Run by Psio at 5:04:53.46 on Fri 10/22/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1341 [GMT 5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings... Read more

Answer:Root Certificate and Microsoft

Hello.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right... Read more

19 more replies
Relevance 89.9%

[IMG]click here[/IMG]This message appeared-It saysZone Labs failed- you are missing a root certificateWhat does that mean and what should I do about it?

Answer:Missing Root certificate- what does that mean?

something from zone labs software you have installed, firewall most common, update or uninstall and reinstall. if it only happened once it was probably just that it failed to load on that occasion when windows started.

1 more replies
Relevance 89.9%

Hi Malwaretips Team,
could someone please help confirm whether the 2 certificates in the screenshot are normal, ie do you have them to
C:\SysinternalsSuite(1)>sigcheck -tv

Sigcheck v2.53 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com





Listing valid certificates not rooted to the Microsoft Certificate Trust List:

Machine\FlightRoot:
Microsoft Development Root Certificate Authority 2014
Cert Status: Valid
Valid Usage: All
Cert Issuer: Microsoft Development Root Certificate Authority 2014
Serial Number: 07 8F 0A 9D 03 DF 11 9E 43 4E 4F EC 1B F0 23 5A
Thumbprint: F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB
Algorithm: sha256RSA
Valid from: 4:43 AM 29/05/2014
Valid to: 4:51 AM 29/05/2039
Machine\ROOT:
Microsoft Development Root Certificate Authority 2014
Cert Status: Valid
Valid Usage: All
Cert Issuer: Microsoft Development Root Certificate Authority 2014
Serial Number: 07 8F 0A 9D 03 DF 11 9E 43 4E 4F EC 1B F0 23 5A
Thumbprint: F8DB7E1C16F1FFD4AAAD4AAD8DFF0F2445184AEB
Algorithm: sha256RSA
Valid from: 4:43 AM 29/05/2014
Valid to: 4:51 AM 29/05/2039

Thank you for your time to help
My machine is scanned very regularly with Emsisoft Malwarebytes Avira and Windows Defender
and exhibits no weird behavior.
 

Answer:Root Certificate Confrmation

Would make sense if you're running Windows 10. Apparently, it was a bug in an earlier build with Edge.

Xiaoyin Liu on Twitter
 

1 more replies
Relevance 89.9%

WinXP just notified me of a "Root Certificate Update"
What exactly is this and is it something I should go ahead and install?
 

Answer:Root Certificate Update

Yes, it's the updated security certificates for some sites and services.
 

3 more replies
Relevance 89.9%

Hello,
Is there a Root Certificate Guru in the house?

Here is my problem.

First I should say I reinstalled Windows XP onto C drive and had my data located on D drive this helps for saving when I get hit with virus's or whatever else. After re-installing on C I try to access the files that I think I encrypted on D I can see them but I cannot copy or use them as I don't have permission to.? If I select the file then advanced properties I see the old me as the owner of the file.

I have tried to apply my root certificate to the files but when I try to add my certificate it will not allow me to?

Any help would be appreciatted. Thanks for reading
 

Answer:Root Certificate problems???

7 more replies
Relevance 89.9%

We are configuring NSS domain.
I was able to import 2 ENTRUST certificates to NSS DB.
Root certificate failed to import
This is a command that I run

%NSS_HOME%\bin\certutil -A -n "entrustRoot" -t "T,C,C" -i C:\AppServer\certificaterequests\cacert.crt -d %AS_HOME%\domains\nssdomain\config

Then I run this command

%NSS_HOME%\bin\certutil -L -n entrustRoot -d %AS_HOME%\domains\nssdomain\config

Received this message

certutil: could not find : EntrustRoot.
:security libary: bad database


Please help

Thank you in advance

More replies
Relevance 89.03%

Hi

I recently had a very nasty infection (zlob dns changer) Which was apparently a rootkit. I don't actually know what a rootkit is but I was made to understand that it is very bad.

I got a lot of help, first from stang777 and then from Dachew. Dachew helped me for four days until we (he) finally eliminated the rootkit.
I can not sing the praises of him and this forum enough.

I am getting an error message on boot which I assume is related to the former rootkit. It says:

validation failed for c\windows\system 32\ vsinit.dll. you are probably missing a necessary root certificate.

Other than getting the message my computer seems to be working normally.

I would greatly appreciate any advice on what it means and what to do about it.

I hope I posted this in the right place, I am still learning how to use this forum.
Jonhut

Answer:root certificate missing error

This file is a component of ZoneAlarm Firewall. Try uninstalling and reinstalling ZA.

Let me know if this fixes it.

~Blade

17 more replies
Relevance 89.03%

I am trying to install a vendor?s 64 bit driver on my system running Windows Embedded Standard 7. I am getting errors that the Windows does not have enough information to verify the driver's certificate. 

The vendor has told me that their drivers are digitally signed and that the issue is that my system is not connected to the internet and therefore does not receive windows updates.
They said that if the Windows Root Certificate Program could connect to the internet my issue would be solved.
My system cannot connect to the internet for security reasons. I was wondering if there is any way to fix this issue without connecting to the internet?

More replies
Relevance 89.03%

My client (still on XP-SP3) cannot connect to any secure sites that rely on the Go Daddy root certificate, saying the certificate is corrupt or altered.
I went to the Go Daddy site and downloaded the .crt file and attempted to import it into the secure store but while the Cert Manager reported success, nothing changed that I can tell. The cert is still considered corrupt and the user cannot access certain websites, such as dropbox.com and others.
I have been working in IT for years but have no experience with this particular type of problem   Any help would be greatly appreciated.

Answer:Go Daddy Root Certificate is corrupt

See http://help.smugmug.com/customer/portal/articles/84385-how-do-i-install-the-godaddy-root-certificate-in-windows- .
 
Louis

3 more replies
Relevance 89.03%

When I try to surf, I get a message that my 'VerySign Root Certificate is out of date' and the web sites are unobtainable.There is a link to put the situation right, but that is unobtainable too. Help. Peter.

Answer:VeriSign Root Certificate. Out of date?

check your system date, if the date has reset itself to for example October 2000 then the certificates will be invalid.if your clock/date has changed, double click it and change it back to todays date/time.then you should be able to browse the web again.

10 more replies
Relevance 89.03%

Hello,

my certificate is corrupt. i want to replace it. can someone export their certificate and upload it here for me to download and install it?

Location of the certificate:

1. In Internet Explorer, click Tools, and then click Internet Options.
2. On the Content tab, click Certificates.
3. On the Trusted Root Certification Authorities tab, click the GTE CyberTrust Root (2006).
4. Click Export, and then follow the instructions to export the certificate as a DER encoded Binary x.509(.CER)

I'm not sure if the forum would allow it as attachment. If it doesn't, i'd appreciate a link.

Thanks
 

Answer:looking for GTE CyberTrust Root certificate-2006

Found this:




The GTE CyberTrust Root Certificate Expires on February 23, 2006.
There is no replacement. We should remove this root certificate from
our cacerts file.Click to expand...

You might need to explain the need to replace an expired certificate before anyone is willing to help.
The latest GTE certificate expires in 2018 and is probably included if you install this update from Dec. 2013
http://www.microsoft.com/en-us/download/details.aspx?id=41542

I assume this is for a computer running XP because Vista and above get certificates handled by MS in the background.
 

2 more replies
Relevance 89.03%

My friend (still on XP-SP3) cannot connect to any secure sites that rely on the Go Daddy root certificate, saying the certificate is corrupt or altered.
I went to the Go Daddy site and downloaded the .crt file and attempted to import it into the secure store but while the Cert Manager reported success, nothing changed that I can tell. The cert is still considered corrupt and the user cannot access certain websites, such as dropbox.com and others.
I have been working in IT for years but have no experience with this particular type of problem Any help would be greatly appreciated.
 

Answer:Go Daddy Root Certificate is corrupt

One thing I alway check when there are any cert problems is the time and date of the machine. Although I never encountered a corruption problem. A bad date on the machine will render a certificate invalid.
 

2 more replies
Relevance 87.87%

Hello Everyone!
This is my first post, basically I received an e-mail today from paypal, when I open it an annoying banner appeares stating my certificate is out of date & stops me doing anything else. I can't delete it & have to use task manager to close windows mail.

If I click for information it tells me it's from GTE cybertrust global root & also referrs to a 248.e.akamai.net. I have Trend Micro Internet Secuity (up to date) & can't imagine a virus has got past.

I have done a system re-store to a date five days earlier, but it's made no difference

I can no longer log onto ebay or paypal which is a problem as I am currently selling.

What is this & how do I get rid of it & get my pc back to normal??
Thanks Robert
 

Answer:Solved: GTE cybertrust Global Root Certificate

11 more replies
Relevance 87.87%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:53 AM, on 7/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:... Read more

Answer:Zone Alarms Missing Necessary Root Certificate

13 more replies
Relevance 87.87%

Hi n thanks for checking this post,

It had been months since id been on the internet so yesterday I updated and i ran S&D, AVG, AdAware, and updated Zone alarm from 5.5 to 6 and all was well.

I left my machine running over night, it was still running in the morning but soon after turned itself off.

Now when i turn it on it give me the same error message box, twice. ( after booting into windows )

" Validation failed for C:\WINDOWS\SYSTEM32\VSINIT.dll. Your probably missing nessassary root certificate. "

I didnt go any further and fist tryed rebooting it a couple of times

sometimes the menue apears transparent and sometimes it seems ok and lauches programms no prob.

but each time the same message comes up twice.

i also tryed system restore to an earler time, same message.

also tryed doing a repair from the Windows XP Pro cd, then i get this message

" file \i386\vgaoem.fon could not be loaded. The error code is 32768 set up cant continue. "

Now this gets me worried and after a search i get different solusions, some alien to me and some conflicting; the only one i tried is

at RUN typing sfc/scannow but windows cant find it.

Now im lost and concerned, any help much apreachated. thanks in advance
 

Answer:Validation failed, missing root certificate ?? Help!

The commnad is sfc /scannow . notice the space after c and before / . .
 

3 more replies
Relevance 87.87%

Good day,

I work for a company that uses an ethernet connection and a netgear switch to connect a bunch of trucks together, and then software on the main computer to control all the different trucks and display the data off the trucks, rates, pressures, engine diagnostics etc.

Lately I have had an issue with the software on the main computer locking up. When I checked the event viewer the last couple of times I had a crypt32 error right around the time the software froze. Now I understand why this is happening, because windows is trying to update the root certificates, and I'm not connected to the internet.

The questions I have are:

Do you think it's possible that windows trying to update the root certificates could interfere with the connection between the main computer and the pumps, even for just a split second, to interrupt the software?

And also how would I go about trying to recreate the windows certificate update to see if I can make this issue happen again? Is there a program that runs to update the certificates? I've tried searching the internet and can't find a name or anything. This is the most important part of these questions. Recreating this issue and seeing if it shows up in the event viewer is of the utmost importance to me.

Any help would be greatly appreciated,

Thanks.

More replies
Relevance 87.87%

Does anyone know where i can download a root certificate apart from windows updates, because the internet explorer keeps on crahing when searching for updates

Answer:Root Certificate for Windows ME home edition

Try downloading Opera or Firefox and do the update with either of those browsers rather than IE. It is entirely possible you have a nasty that is crashing IE. Once you have another browser installed do an online virus scan at Panda click here

1 more replies
Relevance 87%

Well, I screwed up yet again. If you haven't seen "Firefox Frustration ", I'd recommend that you skim and scan through that first, but I am here with my computer. I need a working computer for school, or else I get lots of F's, so I'm screwed. Please help me. Anyways, I found a ContentWatch (NetNanny) injection on my PC that wasn't trusting Firefox Quantum, so I solved that problem. But, I decided to go into "manage you certificates" in start, I entered trusted root certificates, deleted ContentWatch, and now all websites (except this one) aren't trusted. Is there anyway to undo this? HELP ASAP.
Well, this isn't trusted, but I can bypass it (but not normal websites).
Well, this isn't trusted, but I can bypass it (but not normal websites).

Answer:Certificate Disaster(I need my pc for school help ASAP) (root certififcates)

I'M AT SCHOOL. CRAP SOMEONE HELP.

6 more replies
Relevance 87%

But wait folks...there's even more good news....






Dell customers have turned up a second root certificate installed on some Dell machines, which could make them easy prey for malicious attacks on public Wi-Fi networks.

The second problematic root certificate is called DSDTestProvider. Its discovery follows yesterday's removal by Dell of the dangerous eDellroot certificate from affected Dell PCs.

With DSDTestProvider, once again a Dell support feature has inadvertently exposed customers to attacks that would be trivial to exploit. It is the same security blunder made by rival Lenovo in February with its Superfish adware.

Carnegie Mellon University CERT has warned that the DSDTestProvider certificate, which includes the private key, allows an attacker to create trusted certificates and perform impersonation, man-in-the-middle (MiTM) and passive-decryption attacks.



Dell in hot water again as second 'Superfish' root certificate surfaces | ZDNet


Second Dell Root Certificate Problem Discovered; How To Check For And Remove eDellRoot And DSDTestProvider Security Risks

More replies
Relevance 87%

New certificate handling procedure coming in Firefox 49​
Mozilla would be changing the way Firefox on Windows handles root certificates, David Keeler, Mozilla Engineer, announced yesterday.

Few Firefox users know about the browser's certificate store, a place where the browser stores digital certificates used in the process of establishing encrypted communications.

On Windows, Firefox keeps its own certificate store, which is different from the Windows certificate store that Microsoft uses for Internet Explorer, Edge, but also for applications installed on the PC.

Read more: http://news.softpedia.com/news/firefox-changes-root-certificate-handling-procedures-on-windows-507907.shtml#ixzz4KehZqvir
 

Answer:Firefox Changes Root Certificate Handling Procedures on Windows

 

1 more replies
Relevance 87%

But wait folks...there's even more good news....






Dell customers have turned up a second root certificate installed on some Dell machines, which could make them easy prey for malicious attacks on public Wi-Fi networks.

The second problematic root certificate is called DSDTestProvider. Its discovery follows yesterday's removal by Dell of the dangerous eDellroot certificate from affected Dell PCs.

With DSDTestProvider, once again a Dell support feature has inadvertently exposed customers to attacks that would be trivial to exploit. It is the same security blunder made by rival Lenovo in February with its Superfish adware.

Carnegie Mellon University CERT has warned that the DSDTestProvider certificate, which includes the private key, allows an attacker to create trusted certificates and perform impersonation, man-in-the-middle (MiTM) and passive-decryption attacks.



Dell in hot water again as second 'Superfish' root certificate surfaces | ZDNet


Second Dell Root Certificate Problem Discovered; How To Check For And Remove eDellRoot And DSDTestProvider Security Risks

More replies
Relevance 87%

Hey guys, I'm having a bit of trouble with my Lenovo x220 laptop.

At first I had installed the RTM 10240 version and then updated it to Build 10586. Once I updated I noticed the computer started to behave erratic random freezes at boot up, forcing me to hold the power key down to turn off and reset, would do this a couple of times until it would boot.

Finally I couldn't figure out the problem so on DEC 9, I said "f-it" and formatted the machine with clean build of 10586 using the Microsoft official tool and media creation. Everything seemed to be working fine, drivers and files downloaded and installed automatically. Installed all my programs and customized it the way I like it. Everything seemed to be running fine, last time I used the machine was DEC 13th.

No new programs or software has been installed since that time. At the time I last used it I was just surfing the web and using firefox, and watching youtube. No games, no installs, no new programs, nothing. I double checked program manager, and last time any programs were installed was on DEC 9, but like I said it was working fine since. Today when I booted, Windows installed updates and now on every reset I am getting this particular error on boot,

An attempt to add the root certificate to all known browsers on your computer failed.

And yea, I have no clue what this means or how to solve it. I did already run an /sfc scannow as admin command prompt and everything came back A-OK ....

Can anyone point m... Read more

Answer:Root Certificate Browser Error (started to appear randomly)

really?

3 more replies
Relevance 86.71%

I'm having a problem connecting to a server on DC++. When I try to connect I get this message     TLS disabled, failed to generate certificate: The system cannot find the file specified.I tried to generate a certificate from the settings section in DC++ but when I click the 'Generate Certificate' button it says 'the system cannot find the file specified'Would anyone be able to tell me how to get a TLS certificate, or whatever it is I need, so that I can connect to this hub I'm trying to get into?thanks

More replies
Relevance 86.13%

Hi guys,

I had installed this mapping tool before applying all the Windows Updates and I got this Untrusted Certificate warning error as shown in the image.

Now, I had reinstalled Windows 10 and ran all the updates and then installed this tool which is a NON-Web version, meaning its a program that runs on the desktop but gathers all the mapping data from Bing Maps and so forth.
After when I launched it this time, that message DOES NOT appear now.

So clearly, it had something to do with a Windows Update that updates all Root Certificates.
But the issue is, I really need to know which update is it so next time I can install this Windows Update myself manually.

Anyone know?

Many thanks!

More replies
Relevance 86.13%

Hi guys,

I had installed this mapping tool before applying all the Windows Updates and I got this Untrusted Certificate warning error as shown in the image.

Now, I had reinstalled Windows 10 and ran all the updates and then installed this tool which is a NON-Web version, meaning its a program that runs on the desktop but gathers all the mapping data from Bing Maps and so forth.
After when I launched it this time, that message DOES NOT appear now.

So clearly, it had something to do with a Windows Update that updates all Root Certificates.
But the issue is, I really need to know which update is it so next time I can install this Windows Update myself manually.

Anyone know?

Many thanks!

More replies
Relevance 86.13%

Hello there guys,

I installed ZoneAlarm free firewall yesterday and during the install i recieved an error message saying "Validation failed for Vsmon.exe, this is probably due to a missing root certificate." ZoneAlarm seemed to install fine but it slowed my firefox and IE browsers down to crawling speed, so i uninstalled it, and they seem to be working fine again. I had a look around on the net for info on this 'missing root certificate' and found out that Vsmon.exe is a ZoneAlarm file and that a missing root certificate on my pc can be caused by Malicious software.

So to sum up my issue and question is that 'if' i have missing root certificates on my pc (and it wasnt related to ZoneAlarm) does it mean that i have some sort of hidden malware or even a rootkit that could be causing damage under my nose?

I have Super Antispyware, Avast Antivirus free edition, MalwareBytes Anti-malware, Spy-Bot S&D and windows defender and firewall. Have run scans with all of these (not in safe mode) with nothing malicious showing up. I'ts probly nothing just want to make sure if possible, and here is my Hijack log cheers.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:01 PM, on 19/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSAS... Read more

More replies
Relevance 86.13%

Microsoft have pulled the Root Certificate Update for Windows 7 (KB3004394) that was issued earlier this week. Seems it was causing (serious?) problems. Google for KB3004394 and read various articles on this for more info.
Although I've not encountered any issues as such, I discovered it when I went to update my lappie this a.m. and noticed that the update was no longer available (but had installed without apparent issue on my desktop yesterday).

Answer:Microsoft pull Root Certificate Update for Windows 7 (KB3004394)

Just downloaded 12 updates for W7 that I was notified about this morning. So far, everything seems to function okay!.

4 more replies
Relevance 82.07%

Help.  Situation.  I have a Linksys router connected to the internet of which I can successfully connect via my host computer.  I have a wireless connection set up from my laptop.  Compaq, Presario running XP.  When I attempt to connect to the network, I receive the following message.  "wireless Network Connection""Windows was unable to find a certificate to log you on to the network "Name of my network"I have completely removed all my wireless connections from the Wireless network window , then re-populated the networks in range via "view Wireless Networks",  it locates my network (Firenet1106), but never accquires a network address and I get the same certificate message above.I also have a wireless connection set up from another laptop (IMAC) of which it connects successfully.  No problems.Thanks for your help.  I'll be ready to respond if you need more information.

Answer:Unable to locate a certificate

The wireless security settings in your laptop need to be consistent with the settings in your router.  Have you checked this?  This may help: "Windows was unable to find a certificate to log you,on to the network [SSID]"

2 more replies
Relevance 82.07%

Hello all,
I have an acer laptop running windows xp pro that will not log into the secured wifi. I do not even get the box that allows you to put in the password. it can find the connection but comes up with the following message"windows was unable to find a certificate to log you onto the IIIIII00))) network" When I click on the internet icon on the task bar it shows validating identity. In the network connections there is a red ? mark by the wireless connection. When i do the cmd ping option i see that the media is disconnected under ethernet LAN connection. Also IP config shows IP routing enabled-No
WINS proxy enabled-No I am not sure if this is enough info for you to figure out the issue but i am unable at this point to get all the info from the command screens as i have no connection and no stick to transfer info to the other laptop which has no trouble accessing internet.
Many thanks
 

Answer:Unable to find a certificate to log you onto ?????

Hi and welcome.

A quick google search located this:

http://www.wirelessforums.org/alt-i...e-find-certificate-log-you-network-29628.html
 

1 more replies
Relevance 81.2%

OS Version:  Windows 7 Enterprise x 86
IE Version:  IE 11
When a file is being downloaded from an internal website, an error prompt occurs, "certificate is not trusted".
However, it occurs, file can be downloaded properly.
If it can be controlled by Group Policy, please advise
Best solution: an error prompt can be suppressed

More replies
Relevance 81.2%

Please help

I am trying to install OneBridge client onto my mobile phone & when i start to install i get the above error...... I have run a search on this error & cannot find any relevant info.

As always any help would be greatly appreciated x

 

More replies
Relevance 81.2%

I received the following error message: "Windows unable to find a certificate to log you onto the network <NetworkName>

I am attempting to get an aunt's laptop connected to my network to troubleshoot a few problems with it and when attempting to connect to my home network I received the above error. In the network list I see my network just fine but its saying "Validating identity" next to the network name.

Her laptop:

HP Pavilion dv6000
Windows XP

I have already updated the wireless driver for the laptop, at first thinking that was the problem. My router (Netgear WNR 3500) does have encryption on (WPA2-PSK) and I'm seeing that the only option for encryption in the Windows Network setup is WPA-PSK. Could this be the issue?

If not, any thoughts on what the issue is and how to resolve?
 

Answer:Unable to find certificate to log onto network?

Since I have to guess, I think you are attempting to attempt to a LAN through a wireless access point. Sounds more like you have it set to use a RADIUS server for authentication, rather than Pre Shared Key.

If your only encryption option availiable is WPA-PSK, then that is what you should use. Not WPA2, but WPA.

If this does not help, you will need to disclose the physical setup of your network.
 

1 more replies
Relevance 81.2%

Am trying to rejuvenate an old Compaq laptop. I have a D-Link 150N router in the house that connects both my XP desktop (via an adapter) and my Win 7 laptop to the Internet. But when I try to connect to the Internet with the Compaq, it recognizes the existence of the wireless network, but the status is stuck permanently on "Verifying identity" and it continues to say that I'm not connected.

I have seen threads in this forum about deleting the 802.1x IEEE network, but that's not one that's listed. I've also seen instructions to change the security from WPA2 to plain WPA, or from WPA-RADIUS to WPA-PSK, or something like that. But I assume you have to do that by going into the router. WPA2 works perfectly with my two current computers and I don't want to change to plain WPA just to accommodate this old computer for a day while I download a few programs I want to put on it. So the question is, how can I get it to connect without compromising the security setting on the router? Or do I have to be satisfied with a wired connection, which does work.
 

Answer:Solved: Unable to find certificate

8 more replies
Relevance 81.2%

Hi,
I'm feeling really dumb but I can't figure out how to view the details of an SSL certificate in IE11.

On previous version of IE you would simply click on the padlock that appears in the address bar and then select view certificate. On IE11 the padlock does not appear. The particular problem I'm having is that I'm trying to diagnose why Windows 8.1 with IE11
is rejecting a perfectly valid cert. All I get is a screen telling me that there is a problem with the certificate (it says that the cert is revoked) but no details and I can't figure out how to view the details.

More replies
Relevance 81.2%

When I try to connect to my wireless connection, it tries to get an IP address but comes up with the error message "Unable to find certificate". I'm using a wireless adapter simply named: Wireless 11g USB Adapter, and it uses the ZDWLan drivers. I'm not sure if the drivers are the problem; i'm using the same ones as on another computer with the same adapter.I've never had this problem before, and it's a brand new computer, so I have no idea what I can do to fix it. Any help? Thanks in advance, Barney.

More replies
Relevance 81.2%

I have added my work e-mail to my WP 10 Lumia 930, as before on WP 8.1. The account uses activesync, which I have setup successfully as before. I would need to select the certificate to use, but I can't find an option for this. In 8.1 in email accounts -> advanced option there is a button to "automatically select certificate", which would need to be unchecked. I can't find advanced options in WP 10 (neither settings nor account in Outlook). Is this missing or just hidden really well?

More replies
Relevance 81.2%

I use my neighbors wi fi and now when i try to connect i get a bubble off the menu bar that says. ..........WINDOWS IS UNABLE TO FIND A CERTIFICATE TO LOG YOU ON TO THE NETWORK.....also the network list says it is validating identity ...ive been using this network and still am......im doing this from a tablet.................my computer is an acer mini laptop with windows xp............what can I do to fix it ?
 

Answer:windows unable to find a certificate

Please review the rules before posting again. You missed or forgot:

WiFi "Piggybacking" / "Wardriving" - We do not support the act of using someone else's Internet without permission. Also, please note that almost every ISP prohibits sharing your Internet connection with another home, and we will not assist you in breaking their rules.Click to expand...
 

1 more replies
Relevance 81.2%

Could someone please help my granddaughter.Her laptop running Windows XP Professional reports :- Windows was unable to find a certificate to log you onto the network, when she tries to log on to the net on my router, it has always worked ok in the past and my internet connection is ok on my computer.Thanks

Answer:windows was unable to find certificate

click heremight help...

1 more replies
Relevance 80.62%

Microsoft decided that I was having too much fun with Universal Emulator / NESBox so removed it from the store. However, you can still download the .appx package, which I did. When I went to install it I got a certificate error...
I found the certificate and tried to install it; it is a .p7x certificate. However, the obvious and documented ways to import certificates will not install this type of certificate. I even copied the certificate and renamed it something the manager would accept, but that method failed.
Any ideas?

More replies
Relevance 80.62%

With the KIS 18 version, I cannot install the certificate (Encrypted Connections Advanced Settings) and therefore keep getting the "Cannot guarantee authenticity of the domain to which encrypted connection is established" message.

This is very annoying, please help!
 

More replies
Relevance 80.33%

Dear All

I am using Hp520 notebook with Win Xp. When i trying to connect to Wi-Fi, the message flash "Windows was unable to find a certificate to log you on the network". I want to get rid of the problem.

I tried the following:
In the authenciation Tab, i tried to uncheck "Enable IEEE 802.1x" bt it is already disabled and also the box is disabled.

Answer:Windows was unable to find a certificate to log you on the network

Quote:




your wireless router is not setup for certificate security.





Quote:




That's caused by improperly setting the encryption on the Router to WPA-RADIUS instead of WPA-PSK on the client. The router and the client are both trying to find a RADIUS server with which to authenticate. Since you
don't have one, it complains using Microsoft technobabble. Change the
encryption to WPA-PSK (pre-shared key) on both ends.

1 more replies
Relevance 80.33%

Can someone help figure out this problem with one of the laptops in my network please. I have a D-Link DIR-655 router, current on the firmware. Using WPA/WPA2 - Personal , AES encryption.We have several computers, 2 of them using wireless n, an ancient desktop using a Linksys wireless G USB adapter and an old Sony laptop with no built in wireless.
The old Sony can no longer connect to the wireless network unless it is plugged in on the Ethernet connection, using the same Linksys USB connection( a WUSB54GC) that connects the old desktop without any problems gives me a connection to my router but no IP address, and a constant pop up from windows saying Windows was unable to find a certificate to log you on to the network. I've tried setting a static IP, repairing the connection, checked the network properties to make sure IEEE 802.1x authentication for this networkis unchecked(it's totally grayed out) What settings am I missing?:confused
 

Answer:Windows was unable to find a certificate to log you on to the network

For anyone else looking for an answer I may have found the fix, here
http://support.microsoft.com/kb/893357 and the download here
http://support.microsoft.com/kb/917021/
First I will try Service pack3, if that fails (the computer is really old) then I'll try the patch update. I'll post the results.
 

3 more replies
Relevance 80.33%

gaaaaaaaahlkjdrfzvicfjvbljzcbhjxgfdhsjhzbcxjhzgvchjknvb,c
let me just get that out,

my computer was recently ravaged with viruses and i had to reformat.
i reformat.
Now whenever i try to connect it says unable to find a certificate to log you on to youor network.

im using xp and a belkin router.
all other computers on the network work fine....

Ive been readin up and the only solution i can find is "Click on the Authentication tab and now uncheck the Enable IEEE 802.1x authentication for this network box."
This option is greyed out on my computer and i cant click it,
i
have the WZC on, set on a WPA-PSK
ive tried it on both AES and TKIP and still get the same message
any more "AMAZING QUICK FIXES"

Answer:"unable to find you certificate to logon to the network"

System manufacturer and model?

Wireless adapter manufacturer and model?

Louis

2 more replies
Relevance 80.33%

I recently bought two Belkin F5D7320 (v8000, latest firmware) Wireless G routers, and I'm having a very strange problem. I set one up to use WPA-PSK. Using my laptop (running XP Pro SP2), I find the SSID (using the Windows wireless utility), then I double-click on the network. I enter in my WPA key, just like I always would, and it goes through the process of acquiring a network address and all of that, but as it's doing that, I get a bubble alert in the system tray which says "Windows was unable to find a certificate to log you on to the network (SSID)."

The connection seems to still work, though; just I get this message. I have tried a few different laptops, and they get the same message. I have other wireless routers secured with WPA, and I have never gotten that message before using the new Belkin. Out of curiosity, I opened up the second identical Belkin router, applied the same WPA settings, and it seemed to do the exact same thing.

I seriously doubt it's a laptop issue, as I have used the same procedure that I have used countless times to connect to WPA-secured networks, and I have also tried this on a few different laptops, with the same result.

I searched for this message, and people almost immediately suggest that it means either the router or computer are configured to use a Radius server. Well, neither are, as far as I can tell. In fact, here are the settings for my router:

Security Mode: WPA/WPA2-Personal(PSK)
Au... Read more

Answer:Windows was unable to find a certificate to log you on to the network

Each WiFi adaptor has it's own setup utility, eg my Toshiba can with an
Atheros AR5005gs onboad chip and the OEM installed its own connection wizard.

Lots of people have used the MS wireless wizard, but perhaps you need to try the
OEM version.
 

5 more replies
Relevance 80.33%

I tried to change my network settings from WPA2 to WEP last night and like an ***** I screwed it up. I only wanted to change it over temporarily so I could access the wireless network with another device that isn't compatible with WPA2. I ended up having to restore the Linksys router to its default settings. I then tried to recreate the settings it had before with WPA2 before I messed it up. It was on WPA2-Personal, AES, and I changed the network SSID and passwords back from default. Very basic. I didn't set the router up myself originally, though, so there must be something I'm missing.

I am able to connect via Ethernet cable, but when I try going wireless (on both Windows laptops, one XP and one Vista) I get a message saying "Windows was unable to find a certificate to log you on to the network [my SSID]". Most of the searches I ran on Google had people suggesting that I uncheck "Enable IEEE 802.1x authentication" in the laptop's wireless Authentication settings, but that is already unchecked.

Besides, shouldn't the fix have to do with something in the router settings since the wireless was working before I mucked around with the router? The laptop settings remain unchanged from the when wireless used to work so they should be okay, right?

I also tried setting the router up using Wi-Fi Protected Setup, but after the bar loads to the end it says it was unable to connect. Anyone have any suggestions? Or need more info that... Read more

More replies
Relevance 80.33%

Hi,
I started having troubles with my XP machine in the garage out of the blue it started doing this.
I have tried everything I can find with google searches, tried them all still no luck.

Machine is
Windows xp Sp3
Linksys Wusb54gc v3
Dlink825 router

I have checked the time and date,
I have noticed it was auto checking the 801.blah blah in advanced, unchecked.. no joy.
It seems to be reconfiguring my settings, or not saving them.
I go back to check the settings in advanced, and even deleting the preferred network and inputing manually.. and it'll reset options like my security back to open from wpa or wpa2.
My router is setup, and it actually will allow connections from wpa/wpa2 automatically.

I have not had any problems initially setting this up about 3-4 months ago, as I said I have this machine in my garage and use it to pull up pdf service manuals when I need them.
Then today it just keeps doing this, and it's really pissing me off.

also I read someone to do ipconfig /flush dns .. no joy.

everything no joy... arrgg!!!
ohh and signal strength is maxed out.

Answer:XP Wireless Question - Unable to locate Certificate

symp

Try this

Right-click on the Wireless Network Connection icon on the right of the Task Bar and then click on View Available Wireless Networks .

Inside Wireless Network Connection window, click on Change advanced settings under Related Tasks.

Click on the Wireless Networks tab and select the network in the list at the bottom. Click on Properties once you have selected the wireless network that is having problems.

Click on the Authentication tab and see if there is a check next to Enable IEEE 802.1x authentication . If there is uncheck it . Click Ok and see if you could get connected .

3 more replies
Relevance 80.33%

I have suddenly started getting the above message on my laptop
I have read the previous posts and gone through the steps of going into network connections, wireless and properties. The Authentication panel is greyed out but the concerned box is unchecked.
I am having this problem at home and office with this laptop but not with other devices so I am assuming the routers etc are okay.
This is a dell Inspiron running XP prof. Connecting to wireless broadband.
I am unable to perform System Restore as I keep getting the message "cannot restore".
Please help. Thanks
Sajeev

Answer:Unable to find a certificate to connect to internet

Have a look at post #5 here.

8 more replies