Windows SSL Revocation Issues and Woes

By Jake Edwards | Thursday, November 19th, 2009

Recently one of my computers began to act strangely: visiting HTTPS sites would always result in a notification of ‘certificate revocation’, basically that the HTTPS SSL certificate is no longer ‘valid’ or that it cannot be checked whether it has been invalidated. It started to affect multiple things on my computer, particularly Live Mesh, Google Chrome updating and general HTTPS browsing (such as Google email login) — and finding a solution wasn’t easy…

And so, that is why I am posting what I have found so far, in case someone else has this issue as well… All the troubleshooting steps assume an install of Internet Explorer 8 with Windows 7.

Summary

SSL certificates can’t be checked for revocation on Windows 7 Professional 32-bit and 64-bit RTM.

The problem appears to affect multiple applications, all of which rely on SSL.

  • Live Mesh
  • Google Chrome updates (Error 7)
  • General HTTPS browsing

Solution

This error occurred once again after installing the proxy application, WideCap.

The solution that fixes the issue is simple: in an elevated command prompt, run ‘netsh winsock reset’.

Troubleshooting

These are the steps I took to try to resolve the problem.

Preliminary steps I took to verify basic SSL settings are correct:

  1. Check the date and time to ensure it is correct
  2. Clear the SSL State Cache
    Go into Internet Explorer > Internet Options. Change to the Content tab. Press ‘Clear SSL State’.
  3. Delete all temporary files in Internet Explorer
    Go into Internet Explorer > Internet Options. On the General tab, under Browsing History, press ‘Delete…’, then select all options and press ‘Delete’ again.
  4. Running a virus scan to ensure nothing malicious was causing the issue.
  5. Checking that the BITS service was not disabled
  6. Running sfc /scannow to verify Windows files were intact

Unfortunately, those steps did not resolve the issue. The following, more drastic steps seemed to resolve it. I cannot attribute the fix to a specific step, as they were all performed together.

  1. Resetting Internet Explorer settings
    Go into Internet Explorer > Internet Options. Change to the Advanced tab. Press ‘Reset…’, then ‘Reset’.
  2. Resetting the Windows Firewall settings to default
    In an elevated command prompt, type netsh advfirewall reset, then press Enter.
  3. Resetting the WinHTTP and Winsock configuration
    In an elevated command prompt, type netsh winhttp reset proxy, then press Enter.
    Then, type netsh winsock reset, then press Enter.
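
Because the three resets above were run together, it is hard to tell afterwards which setting was at fault. The script below is an added example, not part of the original post: it records the Winsock catalog and WinHTTP proxy before they are reset and tests whether revocation URLs can be fetched. It assumes English-language netsh output, and $CertFile is a hypothetical path to a certificate exported from a site that shows the error.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell prompt.
# Assumes English-language netsh output; $CertFile is a hypothetical path to a
# server certificate exported from the browser for a site that shows the error.
param([string]$CertFile = '.\site.cer')

function Get-WinsockProvider {
    # Pair each "Description:" line with the "Provider Path:" line that follows it.
    param([string[]]$CatalogText)
    $description = $null
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($line in $CatalogText) {
        if ($line -match '^\s*Description:\s*(.+?)\s*$') {
            $description = $matches[1]
        }
        elseif ($line -match '^\s*Provider Path:\s*(.+?)\s*$') {
            $path = [Environment]::ExpandEnvironmentVariables($matches[1])
            New-Object PSObject -Property @{
                Description = $description
                Path        = $path
                InSystem32  = $path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
            }
        }
    }
}

# 1. Save the Winsock catalog. 'netsh winsock reset' rebuilds it and drops
#    layered service providers installed by other software.
$catalog = netsh winsock show catalog
$catalog | Out-File -FilePath '.\winsock-before.txt'
$providers = @(Get-WinsockProvider -CatalogText $catalog)
$outside = @($providers | Where-Object { -not $_.InSystem32 })
"{0} providers listed, {1} with a DLL outside System32" -f $providers.Count, $outside.Count
$outside | Format-Table Description, Path -AutoSize | Out-String

# 2. Save the WinHTTP proxy. 'netsh winhttp reset proxy' sets it back to direct access.
netsh winhttp show proxy | Tee-Object -FilePath '.\winhttp-before.txt'

# 3. Check whether the CRL/OCSP URLs named in a real certificate can be fetched.
if (Test-Path $CertFile) {
    certutil -f -urlfetch -verify $CertFile
} else {
    "No certificate at $CertFile; skipping the revocation fetch test."
}
```

Running it again after the resets and comparing the saved files shows which provider entries or proxy settings were removed.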

Preliminary Workaround

The issue affected various applications as noted in the summary. These are the steps I took to resolve some of the applications and their errors.

  • Disabling revocation check in Internet Explorer options. Go into Internet Explorer then Internet Options, change to the Advanced tab. Scroll down to the Security section. Uncheck ‘Check for server certificate revocation’ and ‘Check for publisher’s certificate revocation’. Note: This reduces web browsing security substantially on the system and therefore finding a solution was a priority.

Cause

So what caused the issue to occur?

  • Used a proxy tunnelling application, WideCap
    This program tunnels programs that don’t support proxy protocols through just that, a proxy. This program may have somehow affected the WinHTTP or Winsock areas of the operating system. I will continue to use this application to see if the problem regresses.

This issue occurred once again and could be attributed to the WideCap installation noted above.

I hope this helps someone who has a similar problem, as unfortunately I couldn’t find the issue reported anywhere else on the internet.
