IE7 is acting strange with SSL

G

Gerry Hickman

Hi,

Some home users were reporting problems entering an SSL enabled site
after upgrading to IE7 (they are on XP).

In order to try and replicate what they were seeing, I decided to use
the IE7 installed on my Vista box at home, but some strange things are
happening.

When I fire up IE7, it loads my home page www.w3c.org, but at the foot
of the screen it says I'm in the Internet zone and "protected mode :
off", that's odd because if I go into Internet Options, then the
Security tab, it says protected mode is "on" for the Internet zone!
What's going on?

I then decided to try the SSL enabled site, it thew up a page saying
there was a problem with the Certificate, you can either close the web
page or "continue", BUT, how can I view the Certificate it says there's
a problem with, WITHOUT clicking Continue? It seems I have to click
continue BEFORE I can examine the certificate - CATCH 22!

I then clicked Continue, and now it DOES let me examine the certificate
by double clicking on the security warning box next to the address bar.
The issue with the certificate is strange; the target website
certificate itself is fine, but the "issuer" part of the certificate
path (which is Verisign) says it's expired! I'm seeing this in the
properties screen where you can view the Certificate Path.

IE6 SP1 and Mozilla both say the certificate is fine, but they only look
at the child part, not the whole path.

As far as I remember all Vista and IE settings are on their defaults.
 
D

Dennis Pack

Gerry:
If you have your home page set as a trusted site, protected mode
will be turned off.
 
G

Gerry Hickman

Hi,

I have NOT set up any trusted sites, and even when I browse to a
different site, such as Google, it still says protected mode is off on
the status bar.

I found more info on the certificate issue; testing in IE6 gives nearly
the same issue (so it's not IE7 related) and I found I had installed
this certificate to Mozilla so that explains why it doesn't give any
warning.

I still want to know why I can't view the certificate BEFORE I accept it
in IE7, this seems like a security flaw (as in poor implementation) to me.

I also want to know why the installing of third party browser extensions
is enabled by default in IE7 when everyone knows this is the single most
popular entry point for SpyWare (along with IE in general, ActiveX and
Toolbars). I also note you can't disable "add ons" until you've been hit
by one, why is this?
 
R

Robert Moir

Hi,

Some home users were reporting problems entering an SSL enabled site
after upgrading to IE7 (they are on XP).

In order to try and replicate what they were seeing, I decided to use
the IE7 installed on my Vista box at home, but some strange things are
happening.

When I fire up IE7, it loads my home page www.w3c.org, but at the foot
of the screen it says I'm in the Internet zone and "protected mode :
off", that's odd because if I go into Internet Options, then the
Security tab, it says protected mode is "on" for the Internet zone!
What's going on?

I then decided to try the SSL enabled site, it thew up a page saying
there was a problem with the Certificate, you can either close the web
page or "continue", BUT, how can I view the Certificate it says there's
a problem with, WITHOUT clicking Continue? It seems I have to click
continue BEFORE I can examine the certificate - CATCH 22!

I then clicked Continue, and now it DOES let me examine the certificate
by double clicking on the security warning box next to the address bar.
The issue with the certificate is strange; the target website
certificate itself is fine, but the "issuer" part of the certificate
path (which is Verisign) says it's expired! I'm seeing this in the
properties screen where you can view the Certificate Path.

IE6 SP1 and Mozilla both say the certificate is fine, but they only
look at the child part, not the whole path.

As far as I remember all Vista and IE settings are on their defaults.
Click to expand...

Just to double-check that, is UAC still switched on and working as expected?

As to your comment later in the thread about not being able to block
add-ins until you already have one, that would be down to sloppy UI
design. In my opinion there is actually quite a lot of that in Vista.
 
G

Gerry Hickman

Hi Robert,
Just to double-check that, is UAC still switched on and working as
expected?
Click to expand...

That's a good point, I'll check it next time round; I had to zap my
Vista test machines, but maybe UAC was off and that's why it says
protected mode is off...
As to your comment later in the thread about not being able to block
add-ins until you already have one, that would be down to sloppy UI
design. In my opinion there is actually quite a lot of that in Vista.
Click to expand...

What about the new version of Windows Explorer Shell? Did anyone win any
prizes?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Vista x32 - Strange SSL System Events 3
Help on installing Certificates in Vista IE7 9
SSL errors in Vista 3
Bogus security alert 6
Certificate Errors in IE7 2
Can't install locally generated certificate .... 6
Persistent Java-related message 4
IE7 get message Certificate Error: Navigation Blocked 4

Top