View the certificate in the Windows Certificate Manager (certmgr.msc). Windows states that "there is not enough information to verify this certificate." When viewing the certificate path, the only certificate shown is the certificate itself (with a yellow exclamation mark), and the status of the certificate indicates: "The issuer of this certificate was not found."
I carefully reviewed the details of the failed certificate to find out why it is different from other certificates. The name of the issuer was clearly correct, so this is not a problem. On the field that caught my attention was “Access to credentials information”, The reason was that it contained additional data with “URL = http: ... name_of_domain.cer”. This link refers to the intranet that the organization uses. I uploaded the certificate to the intranet and installed it on the client. The certificate has become valid and now it shows two certificates in the "certification path"
Conclusions .. It turns out Windows XP is dumb for two reasons:
- Installing a certificate that has a chain for trusted root certificates is not enough for Windows XP. he tries to verify root certificates to the top of the chain (this does not make much sense, since it should be a root certificate, and since Windows 7 does not comply with this behavior and accepts the certificate as valid).
- Because both certificates contain the same common name, Windows XP does not show that the original certificate has a chain. and made tracking problems difficult.
Hope this helps anyone who comes across this in the future. (or not, since support for Windows XP is over, as we all know :))
yoshpe
source share