What to Do if You Receive a Security Alert on a Secure Website?
If you visit a secure website and the browser displays the "Revocation information for the security certificate for this site is not available" warning, view the certificate to check it. If the certificate has expired, report this to the administrator of the website. If the date is valid, check with the security certificate issuer about the validity of the security certificate. You should also ensure that Windows has all the necessary updates, especially the Update for Root Certificates.
An Automatic Root Certificate update is enabled by default in XP, Vista and Windows 7, and you can find the setting in the Group Policy console of Windows. It is recommended to keep the settings as is to help protect your computer and personal information. If a phishing or rogue distributor website is using a stolen or fake security certificate, the browser should display a security alert about the security certificate. This is true only if the security certificate is listed in the certificate revocation lists.
Other internet users have reported that the time or date in Windows was not set correctly, and that once they corrected the time/date settings, the revocation security alert no longer appeared when visiting a secure webpage. If the time and date are correct, try to clear the Secure Sockets Layer (SSL) state by going to Internet Options, clicking the Content tab, and then clicking "Clear SSL state".
Another possible solution is to re-register the following DLL files:
- regsvr32 softpub.dll
- regsvr32 wintrust.dll
- regsvr32 initpki.dll
- regsvr32 dssenh.dll
- regsvr32 rsaenh.dll
- regsvr32 gpkcsp.dll
- regsvr32 sccbase.dll
- regsvr32 slbcsp.dll
- regsvr32 cryptdlg.dll
Or automatically re-register the .dll files by using the Microsoft Fix it 50191 solution.
If the above workarounds do not help, it is best to check the validity of the certificate itself. Do not rush into visiting a website that has a security certificate issue unless you are quite sure that it is not a fake or malicious website and has not been compromised. In some cases, a legitimate or valid security certificate is issued to rogueware and malware distributors, which is a tough situation that Internet users face. It is recommended that you review the certificate practice statements published by security certificate issuers. Example: VeriSign published their statement in PDF format at http://www.verisign.com/repository/CPS/.
Using an antivirus program that prevents visits to rogue or malicious websites, which may or may not use a secure protocol (HTTPS), is also recommended. Please note that turning off the checks for server and publisher's certificate revocation in the browser is not recommended.
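The checks described above (validity dates, the Windows clock, revocation status and trusted roots) can also be run from PowerShell. The following is an added example, not part of the original article: it uses the .NET X509Chain class, the function names are hypothetical, and www.example.com is a placeholder for the site that raised the alert.

```powershell
# Added example, not from the original article. Requires PowerShell 3.0 or later.
# 'www.example.com' is a placeholder host; the function names are hypothetical.
$X509 = 'System.Security.Cryptography.X509Certificates'

function Get-ServerCertificate([string]$HostName, [int]$Port = 443) {
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server presents so a failing certificate can still
        # be inspected; only the TLS handshake runs, no page is requested.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object "$X509.X509Certificate2" -ArgumentList $ssl.RemoteCertificate
    } finally { $client.Close() }
}

# Map .NET chain status flag names to the checks the article describes.
function Get-CertificateFinding([string[]]$Flags) {
    if ($Flags -contains 'Revoked') {
        'Revoked by the issuer: do not proceed to the site.'
    } elseif ($Flags -contains 'NotTimeValid') {
        'Outside its validity dates: compare NotBefore/NotAfter with the Windows clock.'
    } elseif ($Flags -contains 'RevocationStatusUnknown' -or $Flags -contains 'OfflineRevocation') {
        'Revocation information not available: the revocation check could not be completed.'
    } elseif ($Flags -contains 'UntrustedRoot' -or $Flags -contains 'PartialChain') {
        'Chain does not reach a trusted root: check the Update for Root Certificates.'
    } else { 'Chain is valid and revocation was checked.' }
}

function Test-SiteCertificate([string]$HostName) {
    $cert = Get-ServerCertificate $HostName
    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'Online'        # fetch CRL/OCSP during the build
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'   # check every certificate but the root
    [void]$chain.Build($cert)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    [pscustomobject]@{
        Subject   = $cert.Subject
        Issuer    = $cert.Issuer
        NotBefore = $cert.NotBefore
        NotAfter  = $cert.NotAfter
        LocalTime = Get-Date
        Flags     = $flags -join ', '
        Finding   = Get-CertificateFinding $flags
    }
}

Get-CertificateFinding @('RevocationStatusUnknown', 'OfflineRevocation')  # constructed flags, runs offline
Test-SiteCertificate 'www.example.com' | Format-List                      # live check, needs network
```

A finding of "Revocation information not available" together with a correct LocalTime points to the revocation check itself rather than to the certificate dates.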
Image Credit: Screenshot taken by Donna Buenaventura