# Internet Explorer 8 security certificate install bug/issue



## Aurnia (14 Sep 2009)

Apologies if this has been posted before. Perhaps a few techy and savy of ye know about this.

There's a problem with IE8 with not recognising trusted websites and in particular the abliity to install the security certs.

It seems the option to install has been removed or at least it has as far as I can tell. It is greyed out when you go to view the cert.
I've searched on the net for the answer to this (regarding unscripted active x's, unchecking search for server & publisher's certificate revocation, both the latter which work for me checked using IE7) but nothing seems to work for IE8 and basically running out of ideas.

I've done nearly everything obvious.

I've Vista and IE7 but the sis upgraded to IE8 (one of the recommended upgrades) and is currently regretting it. She had to do some internet shopping and had to use my laptop instead.
I had the security cert error problem myself for the websites in questions until I installed the security certs for the revelant sites to root and then everything went smooth. 

When I was on XP and IE6 these security cert issues never arose, on for example online banking and only have done since got IE7. But at least IE7 is workable in that it allows to install the cert.

Anyone found out a way to for IE8? There's a few more options in IE8 which I'm not familiar with and differ to IE7 so not sure to click or unclick them and I've not got her laptop to hand so will have to talk her through the options.

I've done the usual under the internet options and compared the two laptops beside each other. It's the unusual or different setting I think I'm looking for.
Thanks in advance.


----------



## rgfuller (14 Sep 2009)

Perhaps contact or reference for help from the websites which provide the "certs", or at least give an example of sites which are causing a problem. You shouldn't 'need' to install a certificate to do internet shopping at all, and if you are seeing an error on the address bar perhaps the site itself is dodgy.


----------



## Guest128 (14 Sep 2009)

Have you considered switching to FireFox to see if the sites work?


----------



## Aurnia (14 Sep 2009)

Flanders cheers, but do tend to stay with what I know and like if you know what I mean.

Not sure what you mean rgfuller. Would you call Aib Internet banking dodgy? That throws up a security cert error. Same as hotmail. Same as Bord Gis residential a/c log in. Same with Amazon..

It's an known issue with IE 7 & IE8 where as sites are deemed not trusty worthy as pretty much default when you try to log into them but at least with IE 7, you can physically tell IE that you trust the site by installing the cert. IE7 & IE8 doesn't do it automatically as where IE6 did.  I've installed the certs myself with some sites. 
With IE8 this faciltiy seems to have been removed as far as I can tell unless someone has found a good workaround or setting that works which the masses don't know.

So to answer Flanders - I know the sites work!

Websites that we shopped on are beauty websites (for the girls here, feelunique.com & skinsaloncare.com) which give bargains on higher end hair products which in these recessionary times we can't be paying on the high street.
Neither of them are dodgy - all products delivered and have come recommended elsewhere.

Anyhow I'm not upgrading to IE8 unless we can solve this issue. Sis isn't liking IE8 and would have preferred to have stayed with IE7 only it did the upgrade on her without her realising the consequences.


----------



## rgfuller (15 Sep 2009)

Ah, ok - have a look at this thread - [broken link removed] it suggests that it could be a root certificate update required ?
Can you check what version of ie8 is installed - my working version is 8.0.6001.18702


----------



## Guest128 (15 Sep 2009)

Thats fair enough, if its what you like its what you like.


----------



## Aurnia (20 Sep 2009)

Hi RJFuller, sorry had to wait for the details on this.

It is Internet Explorer 8 - 8.0.6001.188314. Version update 0.

My own working one is Internet Explorer 7 - 7.0.6001.18000


----------



## allthedoyles (20 Sep 2009)

just for your information , an Eircom Broadband helpline engineer , told me not to install IE8 - 
I am using XP .


----------



## AlbacoreA (21 Sep 2009)

Running IE8 on XP no problems yet.


----------



## tallpaul (25 Sep 2009)

Eircom engineer talking through his...I'm running IE8 on three XP machines at home. No problems whatsoever. 

Did you try to uninstall/reinstall IE8 making sure to temporarily disable your firewall/anti-virus while you do so?


----------



## AlbacoreA (25 Sep 2009)

The bug seems to relate to vista. That's said I have no problems on vista or xp with ie8


----------



## rgfuller (25 Sep 2009)

Aurnia said:


> Hi RJFuller, sorry had to wait for the details on this.
> 
> It is Internet Explorer 8 - 8.0.6001.188314. Version update 0.
> 
> My own working one is Internet Explorer 7 - 7.0.6001.18000


 
That version number doesn't seem to be standard by any means, two suggestions: Try running IE8 by right clicking the desktop shortcut and select "Start without add-ons" see if that fixes the problem.

Otherwise, I would re-download the IE8 installer program from the microsoft website, then uninstall the current 'broken' version and re-install using the newly downloaded installer program.

Also another thing to check is that the XP machine itself has it's service packs (should be running SP3).


----------



## NHG (25 Sep 2009)

I had version 8 and it email printing was a problem, it letters overlapped each other, changed to firefox and prob was solved, until I tried to use the on line realex purchase card system and it would'nt work with firefox, rang microsoft and they deleted version 8 for me and reinstalled version 7 and everything is grand since. Using XP Professional.


----------



## Aurnia (2 Oct 2009)

Cheers lads. Hadn't a chance to look at site the last week so sorry. Will have a look at her laptop and try uninstalling IE8 and maybe reinstalling IE7 or IE8 and will update ye on progress. Give me a few days/week.

Btw thought I mentioned but perhaps I didn't, we both use Vista. Vista Home Premium, Version SP1.


----------



## Aurnia (3 Oct 2009)

I had a digit wrong. It is 8.0.6001.18831. Version update 0.


----------



## Aurnia (3 Oct 2009)

Well I un-installed IE8 via the installed update, via Control Panel -> Programs & features -> view installed updates and uninstalled update for IE8. IE7 was then restored and her version is 7.0.6001.18005.
Then went into Internet Options and changed all settings under Security & Advanced to the same as mine. 
On hers however, we still have the problem of not being able to install the root certifificate. 

Now the only obvious difference between hers and mine is User Account Control (UAC). It's found under Control Panel -> Windows Security Centre -> Other Security Settings -> User Account Control. Mine is unclicked and hers is clicked on. Wonder is this the problem? The reason I ask is I unclicked mine ages ago and while she doesn't mind the box popping up (while I did) I've a feeling this might be the difference, then again maybe not. 

Any suggestions??  For those with IE7/IE8 and Vista and able to install root certificates do ye have the UAC clicked on or not?

As an aside, we use our own antivirus and firewall (Kaspersky IS7 so Windows Firewall is disabled) but don't have problems. 
We're leaving IE7 on hers - at least for the moment. She much prefers it's functionality and usablity compared to IE8 which she really didn't like. 

Re Firefox. Yeah we could, but it doesn't allow other things which I'm aware of so and I know a good few users of it seem to have to have both IE and Firefox installed and use them for different types of sites, so once I get this sorted, she'll be happy.
Might be a week now before I get my hands on her laptop again.


----------



## Aurnia (4 Oct 2009)

mystry4all said:


> Firefox gives you protection thats why it doesnt aloow you ''those'' sites


 
Tis not dodgy or shady sites I or my friends are looking at! Sheesh!


----------



## Aurnia (10 Oct 2009)

Update on this. It is the UAC that was the issue rather than I think IE8 as my original post. The UAC is unique to Vista and probably also included in Windows 7.

For people who may encounter this issue of not being able to install the root certificates for trusted websites in IE7 or IE8 when using Vista - turn off the UAC (User Account Control) even temporary. It will require a re-boot up of system.

Then go into your site when the page comes up saying there is a problem with the security and the red/pink colour is in the address bar, click to view the certificate and voila the box to install certificate appears. Then go through the wizard and place the certificate in the Trusted Root Certificate Path. A box comes up asking do you want this - click yes. 

Then when you go through the checkout procedure there maybe another box, say yes to this and after this there will be no more problems.

You can then go back and click UAC back on again if you wish but the root certs are now installed.

We may or may not upgrade to IE8 now but at least we've got IE7 working for us.
Hope this helps people.


----------



## rgfuller (12 Oct 2009)

Well done Aurnia, I did check UAC on my Vista desktop machine running IE8 and it was On for me and IE8 was operating fine, as mentioned earlier the same for IE8on my XP desktop, Win7 Laptop and XP netbook.


----------



## Aurnia (12 Oct 2009)

Cheers Rgfuller. I'm techy to a point myself and knew it wasn't an obvious setting.
A search on the net also made me suspect it may be the UAC causing the issue in the first place.

Out of curiousty Rgfuller, I'd love if my hunches are confirmed on this one. Can you check in the machine with Vista and IE7/IE8 on say AIB banking/Bord Gais residential account site if not already installed the root certificate if you have the issue with them on not being able to install the certs with UAC clicked on? 

If there's no issue try this website  which is one of two that we had problems as well. Try to go as far as checkout (pick any product) and see if IE allows you to install the root cert with UAC on. No need to actually install, just want to check if it'll allow you to do it.
If it does then there's something different with our Packard Bell laptops, running Vista Sp1, IE7.

If it doesn't allow you then it's definitely a Vista/UAC issue and having IE7 or IE8 it seems didn't make a difference.

Mods - sorry if putting a website not related to issue and what may seem as advertising. 
We were getting as far as checkout, and even as far as putting the payment details in, but the main issue was the "verified by Visa" functionality when purchasing which would not come up on the sis's laptop, unless the site was in the trusted root certs which we could not at time install.

Anyway tis all sorted but I'm curious on this UAC thing.


----------



## rgfuller (14 Oct 2009)

I checked this last night, and no problem going to checkout on feelunique.com or logging into the Bord Gais site, I really don't understand why you are prompted to install a cert at all, your IE should already have cert authority trusts and should automatically check and accept the cert presented by the secure sections of these websites, there should be no need to install a cert locally (not sure on the online banking one - but valid for the other sites).


----------



## Aurnia (18 Oct 2009)

Thanks RG for that. So it's our machines then. Must be something to do with our version of Vista (Home premium, SP1) or settings we've in IE7.

Speaking of settings, in Internet options, the settings we've got clicked that might be relevant are:

*Under Security (set at medium high)* -
Enable - run components not signed with Authenticode
Disable - Allow previously unsed ActiveX controls to run without prompt
Promt - allow scriplets
Disable - automatic prompting for activex contorls
Enable - Binary and script behaviours
Prompt - Download signed activex controls
Prompt - intialize and script controls not marked as safe for scripting
Enable - run activex controls and plug ins
Enable - script activex controls marked safe for scripting

Enable - allow scripting of internet explorer web browser control
Disable - allow script initated windows without size or position contraints
Enable - allow webpages to use restricted prototcols for active content
Disable - allow websites to open windows without address or status bars

Disble - don't prompt for client certificate selection when no certificates or only one certificate exists

Enable - active scripting
Disable - allow status bar updates via script
Enable - allow websites to prompt for information using scripted windows
Enable - scripting of java applets

*Under Advanced* - 

Browsing:

Disable script debugging (IE)
Disable script debugging (other)
Enable third party brower extensions

Security (all clicked):

Allow software to run or install even if the signature is invalid
Check for Publisher's certificate revocation
Check for server certificate revocation
Check for signatures on downloaded programs
Enable Intergrated Windows Authenication
Enable Native XMLHTTP support
Phishing Filter - Turn on automatic website checking
Use SSL 3.0
Use TLS 1.0
Warn if Certificate address mismatch
Warn if POST submittal is redirected to a zone that does not match


----------



## car (18 Oct 2009)

Just seeing this now.  
Some FYIs
Firefox 3.5 and higher has an issue with certificates, I work with installing applications and clients (laptops/pcs) and new browsers are always tested for all applications that are in use in an office before we roll them out.   IE8 and FF 3.5.2 have caused issues with certs, sometimes the UAC fix works, sometimes it doesnt, for some apps, FF doesnt work at all if its https, but you can get the IE6 or IE7 plugin so it does which is a type of a workaround.


----------

