Allowing Root Certificate Updates through the firewall

  • Allowing Root Certificate Updates through the firewall

    When in doubt, I always come to Petri Forums.

    I have a Windows 7 computer that does nothing but browse to a specific HTTPS website. It is locked down via the trick of setting up a proxy to 127.0.0.1 and setting a specific site in the proxy override. It has worked for years, and now the vendor changed their SSL provider to GeoTrust. IE cannot verify the CA, and is giving a certificate error when browsing to the website. I have changed the proxy override to include:

    Code:
    http://windowsupdate.microsoft.com;http://*.windowsupdate.microsoft.com;https://*.windowsupdate.microsoft.com;http://*.update.microsoft.com;https://*.update.microsoft.com;http://*.windowsupdate.com;http://download.windowsupdate.com;http://download.microsoft.com;http://*.download.windowsupdate.com;http://test.stats.update.microsoft.com;http://ntservicepack.microsoft.com
    based on a TechNet article I found, and it still does not update. I tried running the certupd.exe (or something like that) and also downloading from the Windows catalog the Windows 7 Root Certificate Updates on the admin account, but it still does not allow it through on the standard user (locked down) account.

    If I disable the proxy and browse to the site, it goes through. And then I re-enable the proxy and it continues to work fine, but I don't want to have to do this on 100 computers that I need to. I am looking for a way to script it. If I can only find the website needed to be placed in the proxyoverride, I can fix this.

    I am coming here for help. Does anyone know what website needs to be placed in that proxyoverride field to get this to work?

    Thanks.

  • #2
    Re: Allowing Root Certificate Updates through the firewall

    Well, I couldn't figure it out, so I wrote a script to disable the LAN proxy, open the site in question, wait 45 seconds for it to contact the root update and update accordingly and load the page, then kill IE and re-enable the proxy. It was the only thing we could think of.
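
The workaround described in post #2, sketched in PowerShell as an added example; it is not the poster's script. The site URL is a placeholder, and the GeoTrust subject match and the certificate stores checked are assumptions. The `finally` block restores the proxy lock-down even if the browser step fails.

```powershell
# Added example, not the script from the thread.
# Run as the locked-down user, because the proxy setting lives in that user's HKCU hive.
$SiteUrl  = 'https://vendor.example/'   # placeholder: the thread does not name the site
$WaitSecs = 45                          # wait time given in post #2
$InetKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$IePath   = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'

# Remember the current state so the lock-down is restored exactly as it was.
$original = (Get-ItemProperty -Path $InetKey -Name ProxyEnable).ProxyEnable

try {
    # Temporarily disable the per-user LAN proxy (the 127.0.0.1 lock-down).
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0

    # Open the site so IE validates the chain and Windows can fetch the missing root.
    Start-Process -FilePath $IePath -ArgumentList $SiteUrl
    Start-Sleep -Seconds $WaitSecs
}
finally {
    # Close IE and always put the proxy setting back, even if a step above failed.
    Get-Process -Name iexplore -ErrorAction SilentlyContinue | Stop-Process -Force
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value $original
}

# Confirm the lock-down is back in place.
$now = (Get-ItemProperty -Path $InetKey -Name ProxyEnable).ProxyEnable
if ($now -ne $original) { Write-Warning "ProxyEnable is $now, expected $original" }

# Report whether a GeoTrust root is now trusted, so failures across many machines stand out.
# Assumption: the new root has 'GeoTrust' in its subject and lands in one of these stores.
$stores = 'Cert:\LocalMachine\AuthRoot', 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$found  = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
          Where-Object { $_.Subject -like '*GeoTrust*' }

if ($found) {
    $found | Select-Object Subject, Thumbprint, NotAfter -Unique
} else {
    Write-Warning "$env:COMPUTERNAME: no GeoTrust root found after the update attempt"
}
```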



    • #3
      Re: Allowing Root Certificate Updates through the firewall

      Thanks for posting your solution.

      I have another thing you may like to consider. There is a group policy that handles proxy exceptions.
      Configuring the Microsoft Proxy Bypass List via GPO and Internet Explorer
      http://www.dezignnet.com/docs/MS_ProxyBypass.asp

      This could help you.

      Edit**
      I just read the URL, this policy can be applied as a domain GPO, the URL refers to Local.
      Last edited by uk_network; 15th October 2013, 23:33.
      Please remember to award reputation points if you have received good advice.
      I do tend to think 'outside the box' so others may not always share the same views.

      MCITP -W7,
      MCSA+Messaging, CCENT, ICND2 slowly getting around to.



      • #4
        Re: Allowing Root Certificate Updates through the firewall

        Originally posted by uk_network
        Thanks for posting your solution.

        I have another thing you may like to consider. There is a group policy that handles proxy exceptions.
        Configuring the Microsoft Proxy Bypass List via GPO and Internet Explorer
        http://www.dezignnet.com/docs/MS_ProxyBypass.asp

        This could help you.

        Edit**
        I just read the URL, this policy can be applied as a domain GPO, the URL refers to Local.
        The issue is I don't know what site needs to be whitelisted. I have tried all the sites MS recommends for Windows updates and none of them allowed the root certificate update to go through.



        • #5
          Re: Allowing Root Certificate Updates through the firewall

          I just did a Google search and found these.



          • #6
            Re: Allowing Root Certificate Updates through the firewall

            And here was I thinking a Root Certificate was something my wife gave me for later use when I was good. (in my dreams).

            Naughty Biggles.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2



            • #7
              Re: Allowing Root Certificate Updates through the firewall

              Originally posted by biggles77
              And here was I thinking a Root Certificate was something my wife gave me for later use when I was good. (in my dreams).

              Naughty Biggles.
              I think you have to be an Aussie to get that one LOL.
