Results 1 to 8 of 8
  1. #1
    Lounger
    Join Date
    Dec 2009
    Location
    Huntley, IL USA
    Posts
    42
    Thanks
    9
    Thanked 1 Time in 1 Post
    Ive got an older tower running XP Pro that suddenly started barking about certificate expirations, both in IE8 and FF3.5. And heres the strange thing, they actually are expired for only this users setting - I have an admin account that works fine. so it appears that certificates are maintained at the user level.

    Its for many Verisign certificates that are used for secure purchases and Facebook.

    Typically, I thought that it was the responsibility of the site to renew its certificates, but these seem to be used by many sites.

    So how do I fix this? I suppose that I could delete the user and copy all the data to a new user home directory, and that might fix it. Ive tried to fix it by removing all the certificates in both IE and FF and they didnt get recreated. I can override some of them in FF, but have had no luck in IE.

    Seems like a bit of a hassle for something that I thought was automatic.

    Or, another thought, has the system been compromised? Doesnt appear to have been, have mcafee running and its up to date, and all windows security fixes have been applied.

    Thoughts?

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,203
    Thanks
    49
    Thanked 989 Times in 919 Posts
    You don't fix it, it's up to the site to keep their certificates up to date.
    What sites (URL) and we will see if we get the same result.

    cheers, Paul

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by WmGoat View Post
    Ive got an older tower running XP Pro that suddenly started barking about certificate expirations, both in IE8 and FF3.5. And heres the strange thing, they actually are expired for only this users setting - I have an admin account that works fine. so it appears that certificates are maintained at the user level.
    You might go to the Microsoft Update site and check for non-emergency updates. I think they regularly add and update root certificates and other certificate related stuff through updates.

  4. #4
    Lounger
    Join Date
    Dec 2009
    Location
    Huntley, IL USA
    Posts
    42
    Thanks
    9
    Thanked 1 Time in 1 Post
    Quote Originally Posted by P T View Post
    You don't fix it, it's up to the site to keep their certificates up to date.
    What sites (URL) and we will see if we get the same result.

    cheers, Paul

    Ive seen it only for this user on the system (I have several other systems that dont have this issue) and its only on this specific user on this specific system.

    Specifically, its facebook.com, jcpenney.com, and rockwell.com. All well known sites, and reputable.

  5. #5
    Lounger
    Join Date
    Dec 2009
    Location
    Huntley, IL USA
    Posts
    42
    Thanks
    9
    Thanked 1 Time in 1 Post
    Quote Originally Posted by jscher2000 View Post
    You might go to the Microsoft Update site and check for non-emergency updates. I think they regularly add and update root certificates and other certificate related stuff through updates.

    That was a great idea, but I already tried that. All ms security fixes and optionals have been applied.

  6. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,203
    Thanks
    49
    Thanked 989 Times in 919 Posts
    Maybe that user has the certificates cached and the cache is broken so you only see old certificates?

    cheers, Paul

  7. #7
    Lounger
    Join Date
    Dec 2009
    Location
    Huntley, IL USA
    Posts
    42
    Thanks
    9
    Thanked 1 Time in 1 Post
    Quote Originally Posted by P T View Post
    Maybe that user has the certificates cached and the cache is broken so you only see old certificates?

    cheers, Paul
    Ill try flushing the cache, but Im not hopeful. Ill try it tomorrow, and if it doesnt work, Ill rebuild the user.

  8. #8
    Lounger
    Join Date
    Dec 2009
    Location
    Huntley, IL USA
    Posts
    42
    Thanks
    9
    Thanked 1 Time in 1 Post
    Problem has been identified with assistance from the Security forum at DSLReports.com

    System clock is off, its says 2002. Resetting the system clock manually fixes issue, so Ill replace the battery later tonight.

    the fact that another user on the same system worked was a red herring that sent me on a wild goose chase, no idea as to why that user allowed secure (https) access, but it did.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •