Friday, April 15, 2011

Public Certificates from ‘Newer’ Trusted Root Certificate Authorities

Recently we went live with a secure site which was secured using a public certificate issued by a Root Certificate Authority.

During User Acceptance Testing we found that some clients were showing a browser error stating that the certificate had been issued by an untrusted source.

On investigating the issue we found that the Root Certificate Authority which had issued the certificate was not published as a Trusted Root Certificate Authority in the Certificates MMC Snap-In on the clients showing the error. A little further investigation uncovered that the authority in question had only been added to the list in the last twelve months.

The issue was resolved by running Windows updates on the client machines… which had not been done for some time! Two of the Windows Updates amended the Trusted Root Certificate Authority list and once the clients were restarted the certificate warning went away.
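The same check can be scripted instead of browsing the Certificates MMC Snap-In, which helps when many clients need to be verified before go-live or after patching. The following is an added example, not part of the original post: `Test-RootTrust` is a hypothetical helper name, and the demo input is simply the first certificate found in the local machine's root store.

```powershell
# Added example (not from the original post). Test-RootTrust is a hypothetical helper.
# It builds the certificate chain on this client and reports whether the certificate
# at the top of the chain is present in a Trusted Root Certification Authorities store.
function Test-RootTrust {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation checking so the result reflects trust only and works offline.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($Certificate)

    # The last chain element is the root, or an intermediate if the chain is partial.
    $elements = $chain.ChainElements
    $top = $elements[$elements.Count - 1].Certificate
    $selfSigned = $top.Subject -eq $top.Issuer

    # Look for that exact certificate in the machine and user root stores.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    $matches = @(Get-ChildItem -Path $stores |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint })

    [pscustomobject]@{
        Subject            = $Certificate.Subject
        ChainValid         = $built
        # Typical failure values here are UntrustedRoot or PartialChain.
        ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain         = $top.Subject
        TopIsSelfSigned    = $selfSigned
        RootInTrustedStore = ($matches.Count -gt 0)
    }
}

# Constructed demo input: the first certificate in the local machine root store,
# which should report RootInTrustedStore = True.
$sample = Get-ChildItem -Path Cert:\LocalMachine\Root | Select-Object -First 1
Test-RootTrust -Certificate $sample

# For a real site, export its certificate to a file and load it instead
# (the path below is a placeholder):
# $site = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\temp\site.cer'
# Test-RootTrust -Certificate $site
```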

Two lessons:

1. Always run your Windows Updates.

2. Choose an authority that has been on the list for a longer period of time.


