RE: Certificate Errors on Websites

James Wood — Tue, 17 Jul 2018 17:18:48 GMT

Hi David Ashcroft,

1. Were you able to access this websites before?

2. Did you make any changes to the computer prior to this issue?

Make sure that the Date and Time settings are correct.

Some secure sites require the date and time match the date and time of the secure site. Sometimes, because of incorrect time, the certificates may show up as expired.

Step 1:

Set the Date/time correctly

a. Just double-click on the time in the lower right corner on the Taskbar and set the time correctly.

b. Be sure to check the time, month, date and the year. As soon as it is corrected, this will usually fix this issue.

Step 2:

You may even try to open the website in compatibility mode. Steps to follow:

a. Put the URL link in the address bar

b. Click on Compatibility tab beside the address bar

Here is the link below for reference:

http://www.microsoft.com/windows/internet-explorer/features/easier.aspx

Also refer the below link for more information:

Warning message when a user tries to connect to a secure Web site by using Internet Explorer 7: "There is a problem with this website's security certificate"(It applies to IE8 as well)

http://support.microsoft.com/kb/931850

Step 3:

Reset internet explorer settings and check if it helps.

http://support.microsoft.com/kb/923737

NOTE: The Reset Internet Explorer Settings feature might reset security settings or privacy settings that you added to the list of Trusted Sites. The Reset Internet Explorer Settings feature might also reset parental control settings. We recommend that you note these sites before you use the Reset Internet Explorer Settings feature gmail login.

Hope this information is helpful.

RE: Certificate Errors on Websites

Red_Warrior — Fri, 11 Aug 2017 10:50:24 GMT

Hi David,

Both of those sites rank very well on ssllabs.. generally if your having issues with sites like (updates, or stores) the issue is not with the site itself, but more towards the back end servers. Without https scanning the appliance will simply pass off that connection however there some cases where you may need to make exclusions in your certificate validation.

If you are not using certificate validation or https scanning, it could be the browser or other infrastructure rejecting the certificate.

In regards to pushing out the cert, if you are not using https scanning the only thing that would be good for is presenting dialogue boxes to users (block/war pages or policy violations) all of those pages are stored on an https server that uses that cert. So without it, www.abc.com, policy violation .. applaince presents certificate to the client.. client clicks advanced, allow.. they would then get the "you have been blocked page"

Unfortunately the best way to troubleshoot these issues is wireshark/tcp dump.. or if you export the sophos_log to a syslog server you could search for rsn=1407 check out the full explanation of the sophos log here: wsa.sophos.com/.../index.html