Internet Explorer Cannot Connect to Secure Sites
Last updated: 5/23/05
This article mainly deals with problems encounterd by Dux Computer Forum members who were using Windows XP/2000 and Internet Explorer (IE) version 6 to connect to secure web sites; however, many of the steps are applicable to other versions of Windows and IE. Many thanks to all forum members who contributed to this article. Forum Topic.
Many things can cause IE secure connection problems. A lundry list of things to try follows. I would suggest trying one thing at time, closing IE, opening IE, and testing before doing the next one. You can test IE's ability to make secure connections using VeriSign's SSL test site.
If reasonably possible, install all Windows updates. A free CD with all updates is available from Microsoft.
Scan for worms, viruses, and spyware. They can cause these sort of problems. I use AVG for viruses and worms, and both Adaware and Spybot S&D for spyware/adware. All three are avilable as free downloads.
Verify that IE is working on unsecure web sites. Refresh this page.
Open IE and click Help, About Internet Explorer and look at the Cipher Strength. It should be 128 bit. If the Cipher Strength is anything less then 128-bit, download and install the Internet Explorer High Encryption Pack.
Open IE, go to Tools, Internet Options, Advanced and scroll to bottom of list. The SSL and TLS options (all versions) should be checked.
Delete Cookies, Delete Files and Clear History in Tools, Internet Options, General tab. (Deleting Cookies may delete some stored Internet passwords.) Check the Delete all off-line content checkbox.
Uncheck the box for Enable Third Party Browser Extensions in the Advanced Section (all other settings in Advanced Section are set to Default). Click Apply and close and open IE.
Configure Security settings for the Trusted sites zone in IE: IE, Tools, Internet Options, Security tab, select Trusted sites, Default Level. Sites, enter the address (URL) of the site in the Add this Web site to the zone: box, Add, OK, Apply.
Check Firewall/Network Configuration. Make sure that the SSL port (port 443) is open on your network/firewall (if you have any). There are many different Firewall/Network products, so we can't give set-by-step instructions. Check the documentation or help file of the product you use. If you are behind a broadband router, you may not need a firewall on your PC. One forum member fixed the problem by uninstalling Norton's Personal Firewall.
Clear the Secure Sockets Layer (SSL) slate and AutoComplete history: IE, Tools, Internet Options, Content tab. Under Certificates, click Clear SSL State. Click OK when you receive the message that the SSL cache was successfully cleared. Under Personal information, click AutoComplete. Under Clear AutoComplete history, click Clear Forms. Click OK when you are prompted to confirm the operation.
Verify that the Date and Time Settings on Your Computer Are Correct: Because SSL certificates have an expiry date, if the date on your computer isn't correct, it may prevent you from connecting to secure sites.
Check the file integrity of the IE and Outlook: boot to the Windows Safe Mode by pressing F8 key several times just as Windows is about to start. Start, Run, enter sfc /scannow (It might ask for the Windows CD to upload the corrupted files). Re-registering the softpub.dll (dynamic link library). Start, Run, enter regsvr32 softpub.dll and wait for the OK message; then try again.
This works, apparently, if you have installed a customized version of IE6, (maybe from your ISP). urlmon.dll is often missing. Login as Administrator, close all programs, start, Run. and paste in regsvr32 urlmon.dll, Ok.
I did a repair installation of XP and it did restore access to secure sites. It also restored the loading speed of my icons and my capacity to click on links in email, which had vanished." How to Repair and Reinstall IE 6.
It might be a certificate issue.
See Method 8 in the link below.
MSKB 922798: You cannot install some updates or programs
Instead of formatting and reinstalling Windows XP, you might be able to restore it back to a restore point before the problem arose... Start, Help, Undo changes to your computer with System Restore.
One more thing to try, that I didn't see mentioned here was to check to see if FIPS compliant encryption algorythms were enabled or not. I have found that enabling this feature will often cause HTTPS sites not to load, and report a DNS error. To check this option go to
Control Pannel > Administrative tools > Local Security Settings
Open up Local Policies > Security Options
Verify that "System Cryptogrophy: Use FIPS compliant algorythms for encryption" is set to disabled.
You will need to restart the system for this to take effect.
This should work if you are using Windows XP and have Norton Personal Firewall installed.
2. Control Panel
3. Administrative tools
Here you will see a listing stating 'Norton Unerase Protection'
5. Right click on this and go to properties
6. Under 'startup type'. select 'disabled'
Now close this down and delete Norton Firewall through Add/Remove programs and when you restart you PC everything will be rosie in the garden again.
I would be sure some sort of firewall is running before connecting a computer to the Internet. How to Enable/Disable the Windows XP Firewall.
If you have a
Belkin ADSL router,
change the router's Idle time from 5 to 0 and the MTU (maximum transfer unit) from 1456 to 1400.
It was in msconfig, the ccapp application was unchecked. To use msconfig click start, Run, and enter msconfig.
ccapp is part of Norton AntiVirus 2003.
Redownloaded DIRECT X 9.0 from Microsoft.com free downloads.
My problem occurred after unistalling a program called Ghostsurf...
What solved my problem was turning the proxies off under the LAN settings and also under my Internet connection.
Change your MTU settings in WAN - mine was at 1458 and I couldn't access any secure sites - ebay, hotmail etc. So I searched around and I read that the default was 1500 but you had to use 1492. So I changed my MTU to 1492 and everything now works. If 1492 doesn't work for you, keep decreasing the number until it does. To change your MTU settings use Dr. TCP.
The simple fix after many nights of getting no where was to hit the refresh button at least 3 times at the sites home page.
Go to start->control panel->Add/remove programs, remove internet explorer. reboot your computer and then install a fresh copy of internet explorer 6.0 and then update it online.
The solution was to install a different version of Java.
I uninstalled java 2 version 1.4.1 and installed the version 1.3.1.
Run "regsvr32 wintrust.dll" and "regsvr32 initpki.dll" , in addition to "softpub.dll"
MSKB 870700: How to troubleshoot problems accessing secure Web pages with Internet Explorer 6 Service Pack 2
MSKB 232012: Error Message When You Attempt to Install 128-Bit Upgrade
MSKB 261328: Cipher Strength Appears as 0-Bit in Internet Explorer
MSKB 301803: Error Message When You Try to Connect to Secure Site: Client Certificate Has Expired or Is Not Yet Valid
MSKB 303807: "The Page Cannot Be Displayed" Error Message When You Try to View Web Page on a Secure Web Site
MSKB 305217: Page Cannot Be Displayed Error During SSL 3.0 Server Session Timeout
MSKB 811383: Internet Explorer Connectivity and Certificate Display Issues
MSKB 813951: You Cannot Access Your MSN E-mail Account or Authenticate with a Web Site in Various Programs
MSKB 821814: You Receive a "Page Cannot Be Displayed" Error Message When You Post to a Site That Requires Authentication
You cannot install some updates or programs
How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
MSKB 834839: A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs
List of manual uninstall documents for Symantec programs
Please see our Contact page
if you have any comments or corrections that would make this article better. Please use our Forums if you need help with a computer or network problem.