CPOL Help System

Internet Explorer 7 Certificate Security Issue

When entering the CPOL website, should you experience the error displayed below,
please choose: "Continue to this Website".

IE7 Error



The problem you are reporting is not unique to IE7, but rather a problem that is likely the result of the IE7 upgrade process, and is generally characterized by the error message "This certificate has expired or is not yet valid", or similar message when connecting to an AG1 CP web site.

The "invalid certificate" problem is problematic in that the necessary corrections must be applied at the workstation level. Our office has verified that all our server certificates are valid and unexpired, but they may not be include in your particular workstations' cache of trusted certificates, or you may have an invalid intermediate certificate on the workstation.

Rather than try to enumerate all the various workstation issues and remedies, here are several Microsoft references that detail their recommendations and provide troubleshooting tips.

I. An extremely useful Microsoft source for information discussing certificate information and problems can be accessed at the following URL: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/6049aa3f-9ffe-45e5-b869-4a5696cf23d5.mspx?mfr=true

This link will route you to the "IIS 6.0 Documentation > IIS 6.0 Operations Guide > Security in IIS 6.0 > Certificates" chapter of Microsoft's TechNet technical support facility.

II. You may also find the following procedural extract helpful, although generally you will need to have full administrative access to your computer to execute the procedures described below. This should not be a problem on your home computer, but if you are having problems with your office computer these changes will likely need to be made by your technical support or Helpdesk staff. Procedure to Correct Dated or Damaged Certificates Verify the status of all certificates in the certification path and import missing or damaged certificates from another computer To verify certificates in the certificate path for a Windows or Internet Explorer product update, follow these steps:

  • Step 1: Verify Microsoft certificates
    1. In Internet Explorer, click Tools, and then click Internet Options.
    2. On the Content tab, click Certificates.
    3. On the Trusted Root Certification Authorities tab, double-click Microsoft Root Authority. If this certificate is missing, go on to step 2.
    4. On the General tab, make sure that the Valid from dates are 1/10/1997 to 12/31/2020.
    5. On the Certification Path tab, verify that This certificate is OK appears under Certificate Status.
    6. Click OK, and then double-click the NO LIABILITY ACCEPTED certificate.
    7. On the General tab, make sure that the Valid from dates are 5/11/1997 to 1/7/2004.
    8. On the Certification Path tab, verify that either This certificate has expired or is not yet valid or This certificate is OK appears under Certificate Status.

      Note Although this certificate is expired, the certificate will continue to work. The operating system may not work correctly if the certificate is missing or revoked. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 293781 ( http://support.microsoft.com/kb/293781/) Trusted root certificates that are required by Windows 2000, by Windows XP, and by Windows Server 2003
    9. Click OK, and then double-click the GTE CyberTrust Root certificate. You may have more than one of these certificates with the same name. Check the certificate that has an expiration date of 2/23/2006.
    10. On the General tab, make sure that the Valid from dates are "2/23/1996 to 2/23/2006."
    11. On the Certification Path tab, verify that This certificate is OK appears under Certificate Status.

      Note Although this certificate is expired, the certificate will continue to work. The operating system may not work correctly if the certificate is missing or revoked. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 293781 ( http://support.microsoft.com/kb/293781/) Trusted root certificates that are required by Windows 2000, by Windows XP, and by Windows Server 2003
    12. Click OK, and then double-click Thawte Timestamping CA.
    13. On the General tab, make sure that the Valid from dates are "12/31/1996 to 12/31/2020."
    14. On the Certification Path tab, verify that This certificate is OK appears under Certificate Status.


  • Step 2: Import missing or damaged certificates If one or more of these certificates are missing or corrupted, export the missing or corrupted certificates to another computer, and then install the certificates on your computer. To export certificates on another computer, follow these steps:
    1. In Internet Explorer, click Tools, and then click Internet Options.
    2. On the Content tab, click Certificates.
    3. On the Trusted Root Certification Authorities tab, click the certificate that you want to export.
    4. Click Export, and then follow the instructions to export the certificate as a DER encoded Binary x.509(.CER) file.
    5. After the certificate file has been exported, copy it to the computer where you want to import it.
    6. On the computer where you want to import the certificate, double-click the certificate.
    7. Click Install certificate, and then click Next.
    8. Click Finish, and then click OK.

Please let our Webmaster know if this information has allowed your customers to resolve their certificate problems.

back to HELP Homepage