Entrust Certificate Services Support Knowledge Base

Audience: Administrator
Last Modified: 2007-03-16 14:28:24.0

TN 7097 - Why do I receive the message Windows Does Not Have Enough Information to Verify this Certificate after installing my EV certificate?

Problem

You have imported your EV SSL Certificate into your Windows 2000 or Windows 2003 server for use in IIS and receive a security alert message

"The Security Certificate was issued by a company that is Not Trusted"

When you view the certificate in IIS, you see a yellow warning and a message that reads

"Windows Does Not Have Enough Information to Verify this Certificate after installing my EV certificate."

Through standard method of importing the chain certificates, the problem still occurs.

Solution: Perform a clean import of the chain certificates.

Step 1. Remove Entrust Chains From your Internet Explorer Browser and any duplicate Entrust Roots.

A. On the Server, open your MSIE browser, goto Tools/Internet Options and click on the Content button
B. Click on the tab Intermediate Certification Authorities and remove all certs issued by Entrust. Apply settings.
C. Click on the tab Trusted Root Certification Authorities and remove all Entrust Root certificates except the Entrust.net Secure Server Certification Authority with expiry date 5/25/2019. Apply settings and close your browser.

Step 2. Remove Entrust Chains from your Certificate Snap-In -- computer account

Snap-In Configuration

Use the following steps to create a new Microsoft Management Console (MMC) and add the

Certificates snap-in:  Click Start, and then click Run.
Type in "MMC" and click OK.
Click Console in the new MMC you created, and then click Add/Remove Snap-in. In the new window that appears, click "Add". Highlight the Certificates snap-in, and then click "Add". Choose the Computer account option and click "Next".
Select Local Computer on the next screen, and then click "Finish". Click "Close", and then click "OK".

A. Expand the folder Trusted Root Certification Authorites and go into your Certificates folder.  Remove any Entrust roots except the Entrust.net Secure Server Certificate Authority with expiry date 5/25/2019.

B. Expand the folder Intermediate Certification Authorities and go into your Certificates folder.  Remove all Entrust certs.

Step 3 - Add the 2 Entrust Chains (root chain and the L1A)

A. Expand the folder Trusted Root Certification Authorities and go into your Certificates folder.
B. Right click on the Certificates folder, choose All Taks and Import
C. Browse to the Entrust Chain ROOT certificate, choose Next
D. Select Place all certificates in the following store and click on Browse.
E. Check mark Show Physical Stores, Scroll up and expand the Trusted Root Certification Authorities, click on Local Computer and click OK
F. Click Next and Finish

G. Perform the same steps for the L1A Chain certificates.

Step 4 -- Stop and Start your IIS server

 

Affected Products:

• Entrust Certificate Services EV SSL - 1 Year Version Not Applicable English Windows
• Entrust Certificate Services EV SSL - 2 Year Version Not Applicable English Windows