Hi Guys ,
While building a SOE image I came accross an issue which was preventing us to go live with user testing of the new SOE image .This issue happens when you try to browse any website and the browser throws an error message given below:
Error: Your connection is not private.
Attackers might be trying to steal your information from www.google.com
I did some further test about this issue.
I collected the netmon trace and found that when we tried to access https://google.com, the client will not send its certificate to the server, but only verify the certificate from server. Surprisingly I noticed that the session was finished by the client itself, instead of the server. So we can say that the issue is happening on the client’s side.
We can collect schannel ETL trace to see if the local schannel did the finish symbol, or it doesn’t know anything about it. To this abnormal behaviour, I suspect it’s caused by 3rd firewall, like McAfee and Symantec. (I noticed there are McAfee agent in the network trace.) If there is any antivirus installed on the machine, please try to disable it and see if the issue can be resolved.
So I remove the MacAfee agent on the system but it still does not help.So I dig deep into the CAPI2 logs
From the CAPI2 log, it clearly shows that the certificate from google is not trusted. I believe that the online checking of the certificate is not enabled.
Please edit the following policy in gpedit.msc:
Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Certificate Path Validation Settings
You can set like the screenshot in the group policy:
Make sure that “Always prefer CRL over OCSP responses” is not ticked.
Once these option are checked the issue will be resolved .
Categories: Windows 10