Page MenuHomePhabricator

DigiCert High Assurance EV Root CA is not trusted by IE8
Closed, InvalidPublic


This is the root cert used by * and when I'm browsing Wikipedia on a public computer (or say, just a terminal) it complains about this.

Internet Explorer 8, version 8.0.6001.18702
Windows Server 2003, version 5.2 (3790.srv03_sp2_gdr.101019-0340)

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Unbreak Now!.Nov 22 2014, 12:07 AM
bzimport added projects: HTTPS, acl*sre-team.
bzimport set Reference to bz33657.
bzimport added a subscriber: Unknown Object (MLST).

Created attachment 9840


The attached cert is the one in question (the one IE8 complains about).

Which URL are you hitting where it complains?

works for me on ... so, yes, a URL would help

works for me on with IE8 v 8.0.6001.19170 ... so, yes, a URL would help

(In reply to comment #5)

works for me on ... so, yes, a URL would help

I simply typed and triggered this error.

Windows Server 2003...

Since this root is pretty 'new' (November 2006), it might be that it is not in the set of default rootcertificates recognized by the Operating System.... To confirm, you could try with Firefox 8 or 9. It maintains it's own collection of trusted rootcertificates, so it will probably work because it's not dependent on the collection shipped in Windows Server.

If confirmed, there are the following possible solutions that I can think of.

  • i think it is possible to cross sign the * certificate to make it work with older collections of root certificates (not sure though if digicert still offers this feature....)
  • manually update your windows server 2003 with newer root certificates....

I'm pretty sure MS pushed the new root certs out to the 03 boxes, But I can't remote in to confirm it on mone.

Oh. There's about a billion reasons this could fail on Windows Server. You *really* aren't supposed to web browse on Windows Server systems, and Microsoft tries their hardest to make it impossible.

If it's working with IE 8 in other versions of Windows, I'm happy.