IE: HTTPS security is compromised by res://ieframe.dll/sslnavcancel.htm

Question

I\'m working on an ecommerce application that has many HTTPS-only areas. This particular error only happens in IE (10 at least, haven\'t tried others) and it only happens on on

Answer 1

Issue: res://ieframe.dll/sslnavcancel.htm is an embedded HTML resource in ieframe.dll that is displayed in IE to users to indicate that some resource was blocked because it was signed with an invalid certificate. A certificate may be considered invalid for a variety of reasons including if the certificate has expired or if there's a mismatch between the hostname in the certificate and the hostname actually used to obtain the resource.

Solution: You can try installing Fiddler the HTTP debugging proxy and running that while testing your website in IE10. Fiddler sits as an HTTP proxy between your browser and HTTP servers and (among many other things) will let you know if any resource obtained has an invalid certificate. Start Fiddler, go to Tools|Fiddler Options|HTTPS, check Capture HTTPS CONNECTs, check Decrypt HTTPS traffic, and ensure 'Ignore server certificate errors' is unchecked. Restart Fiddler, visit your website in IE, and then examine Fiddler's log view for resources with invalid certificates.