D
D S
After applying several security changes to client PC's we are now
experiencing a problem where we cannot access certain SSL sites. I have read
virtually every posting and reference to similar problems in newsgroups and
all over the Internet, but none hit the mark.
Here are some important facts:
1. https connections work fine in Firefox to all sites we have tried
2. IE will connect to SSL sites with certificates from a root authority but
not from untrusted roots. In other words, a site with an "invalid"
certificate will not come up. For example, if another site in our
organization is issuing their own certificates, then we would need to click
Yes to proceed to accept it. Sometimes the warning comes up, but not for all
sites. Regardless, it is these sites that generate the 'page cannot be
displayed' error.
3. We applied several security settings according to DISA standards so I am
primarily looking for people who are familiar with those.
I am thinking along the lines of the problem stemming from tightening a
particular communication setting for Windows. I am hoping someone might have
some insight that could save me from testing individual settings one by one.
Cheers,
-David
experiencing a problem where we cannot access certain SSL sites. I have read
virtually every posting and reference to similar problems in newsgroups and
all over the Internet, but none hit the mark.
Here are some important facts:
1. https connections work fine in Firefox to all sites we have tried
2. IE will connect to SSL sites with certificates from a root authority but
not from untrusted roots. In other words, a site with an "invalid"
certificate will not come up. For example, if another site in our
organization is issuing their own certificates, then we would need to click
Yes to proceed to accept it. Sometimes the warning comes up, but not for all
sites. Regardless, it is these sites that generate the 'page cannot be
displayed' error.
3. We applied several security settings according to DISA standards so I am
primarily looking for people who are familiar with those.
I am thinking along the lines of the problem stemming from tightening a
particular communication setting for Windows. I am hoping someone might have
some insight that could save me from testing individual settings one by one.
Cheers,
-David