"The page cannot be displayed" error when attempting to open a secure Website

The issue: Trying to connect to a FCPS Website via SSL (https) including WinOcular and Voucher causes IE to display the "The page cannot be displayed" error.

In order for secure communication to occur between the browser and the Web server, there has to be a valid chain of trust leading from our organization's server certificate up to a "trusted root certification authority." In our case, that authority is a certificate called GTE CyberTrust Global Root. This certificate must be present in the workstation's Trusted Root Certification Authorities certificate store, and it must be enabled for the purpose of server authentication, in order to establish a secure connection between the server and the browser.

If the browser is Microsoft Internet Explorer 6.x, then the certificate will be there and will be configured properly. So upgrading the browser to the latest version will fix the problem. However, older versions of Windows (including Win 95) do not support IE 6.x, so the certificate must be manually configured.

First, enure that the certificate is there. If so, make sure it is enabled for server authentication. For some reason we have some workstations with the correct certificate installed in the trusted root store, but with only secure email purpose enabled. On these machines, you can manually edit the certificate to enable server authentication using the procedure below.

The fix: Ensuring that the certificate is present and configured for server authentication

To verify the existence of the GTE CyberTrust Global Root certificate in the Trusted Root Certification Authorities certificate store, open Internet Explorer and point to Tools > Internet Options. Click the content tab, then under Certificates, click on the Certificates button. Then select the Trusted Root Certification Authorities tab. Scroll down the list and verify that there is a "GTE CyberTrust Global Root" with an expiration date of 8/13/18. To verify that this certificate is configured for Server Authentication, double-click the certificate name and then click on the Details tab. Click on Edit Properties. In the box that lists all the possible purposes for this certificate, make sure that Server Authentication is checked. If this area grayed out, select Enable only the following purposes. Then check the appropriate box to enable Server Authentication. Then click Okay, OK, Close, OK. This should fix the problem.

If the GTE CyberTrust Global Root certificate is not present in the Trusted Root Certification Authorities certificate store (we have yet to discover a machine like this, but it remains a possibility), you can download the certificate here: http://webapps.fcps.net/dl/cert/GTECyberTrustGlobalRoot2018.crt. Choose Open, then click on Install Certificate. Use the Wizard to install the certificate to the local machine's Trusted Root Certification Authorities certificate store.

Last update: 3/17/2004 8:57:59 AM     Printer friendly view