Kikino
Copper Contributor
Oct 09, 2023

Strange root certificate on all websites

Hello,

I have inherited the administration of a Windows Server 2019 machine which serves as a terminal server. A few days ago I noticed a strange certificate, which is stated as the certificate issuer on almost all websites. You can see the certificate details and certificate hierarchy for the site amazon.sk. When I open the Amazon website on my computer, the certificate issuer is "DigiCert Global Root G2". However, there are some exceptions, such as google.com, which has the correct "GTS Root R1" certificate issuer.

I have also found this strange certificate in certificate manager under trusted root certification authorities.

When I disable this certificate, the warning "Your connection is not private" appears on all sites using this certificate.

I have not encountered something like this before and I didn't find any relevant posts on the internet. I suppose that this certificate was created by the former admin of this server, but I am also concerned whether it isn't some security breach.

Does anyone have a clue what can cause this weird problem?

Thank you in advance.

  • LeonPavesic
    Silver Contributor

    Hi Kikino,

    one possibility is that a previous administrator installed the certificate on the server.

    Another possibility is that the certificate is malicious. This would allow the hacker to steal personal information.

    It is also possible that the certificate is simply a mistake. For example, the certificate may have been installed incorrectly or it may have become corrupted.

    - If you are concerned about the security of the certificate, you should disable it.

    To disable the certificate, follow these steps:

    1. Open the Certificate Manager.
    2. Expand the Trusted Root Certification Authorities store.
    3. Right-click the certificate and select Disable all purposes for this certificate.
    4. Click OK.

    - If you need to access websites that use the certificate, you can re-enable it by following the same steps and selecting Enable all purposes for this certificate.


    - If you are unsure whether the certificate is safe, you should contact the certificate authority that issued the certificate. The certificate authority can tell you if the certificate is valid and whether it has been revoked.

    Kindest regards,

    Leon Pavesic

    • Kikino
      Copper Contributor

      Hello LeonPavesic,

      thank you very much for your answer. As I wrote, I've already tried to disable the certificate, but after disabling it many websites (Amazon, Facebook, The New York Times, etc.) end with the following error:

      I've also tried multiple browsers (Chrome, Edge, Firefox) and all browsers use this certificate, so it is system-wide. Due to this I cannot simply disable the certificate, because all users will encounter this error on a daily basis.

      Is there some way to stop using this certificate for websites? I have also tried to uninstall it, but it automatically installed itself back.

      Thank you.
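
Added example, not written by either poster: because the thread describes a root certificate that returns after removal, this PowerShell script reports which physical store feeds it into Trusted Root Certification Authorities and whether this machine holds its private key. The thumbprint is a placeholder to copy from the certificate's Details tab; the registry paths are the standard Windows system-store locations.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Placeholder: paste the thumbprint shown on the certificate's Details tab.
$Thumbprint = '<THUMBPRINT-OF-SUSPECT-CERTIFICATE>'

# The certificate dialog shows the thumbprint with spaces; keep hex digits only.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Physical stores that are merged into the logical LocalMachine\Root store.
$Locations = [ordered]@{
    'Local registry (installed on this machine)' = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates'
    'Third-party roots (Windows root program)'   = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates'
    'Group Policy'                               = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
    'Enterprise (published in Active Directory)' = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates'
}

$cert = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $Thumbprint } |
    Select-Object -First 1

if (-not $cert) {
    Write-Warning "No certificate with thumbprint '$Thumbprint' in LocalMachine\Root."
    return
}

# Basic identity and validity of the certificate.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# A root is normally self-signed (subject equals issuer).
'Self-signed         : {0}' -f ($cert.Subject -eq $cert.Issuer)

# If the private key is on this machine, certificates chaining to this
# root can be signed locally on this server.
'Private key present : {0}' -f $cert.HasPrivateKey

# Report every physical store that contains the certificate. An entry under
# the Group Policy or Enterprise path is re-applied by policy or Active
# Directory, so a local delete does not last.
foreach ($entry in $Locations.GetEnumerator()) {
    $keyPath = Join-Path $entry.Value $Thumbprint
    if (Test-Path $keyPath) {
        'Found in            : {0}' -f $entry.Key
        '                      {0}' -f $keyPath
    }
}
```

If the certificate appears only under the local registry path, the next thing to check is which installed service or scheduled task writes it back.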

       
