Logging on to secure websites

[Twinwasp]

Hi!

I've been having problems logging onto one particular secure website for ages - probably since Windows 10 was installed on my PC. However, my laptop which also has Windows 10 works normally.

Now, I'm having problems logging into my bank too.

I'm a complete lay man in all things computer and I haven't altered anything.

Any ideas please?

Many thanks
David

 

[Regedit32]

Hi David,

I have a series of ideas that may help resolve your issue.

Before I suggest them though I need a little more information from you.

• What browser are you using to log onto these HTTPS web sites?
• Can you briefly explain the precise problem you are experiencing when attempting to log into Bank website.
  • e.g. Are you unable to enter accurate User ID or Password
• Do you get any specific error message when attempting to log in?

Regards,

Regedit32

 

[Twinwasp]

Hello!

Many thanks for your input so far.

I use Google Chrome. In fact I did manage to get into my bank site eventually on my PC, but I still can't get into the other secure site - on Google Chrome, or Internet Explorer, or Edge actually on the PC.

One thing I've noticed when I try that site is that the green box containing the secure padlock and the HTPPS bit in the browser bar isn't appearing for this other site.

I have tried to log into this other site both by typing in the name - and also from regular news updates they send me. In either case, after about 30 seconds, I get a message "this site cannot be reached".

Kind regards
David

 

[Tim Locke]

I wonder if the website that doesn't work is using the deprecated SHA1 encryption. Uptodate browsers are supposed to refuse those connections sometime soon.


struggle though bits of this http://arstechnica.com/search/?ie=UTF-8&q=SHA1

 

[Twinwasp]

Thanks for your input Tim.

The thing I find most curious is that I haven't changed anything significant on my PC, yet I'm having these problems on it, whereas the lap top (also no changes made) gets in without problem.

 

[Regedit32]

Hi David,

What is this ' other site ' you keep mentioning?

That Green Padlock is important: if you are not seeing it I'd not be treating the site as secure at all.

• Green indicates you are definitely connected to the site (and no other third party connections are present)
• Green (with a grey triangle) indicates you are connected to the sites secure page but the page contains some content that your browser will block as that "some content" does not meet the security criteria you have set up on your browser.
• Greyed out Padlock indicated the entire site has poor encryption and thus leaves you vulnerable if for example malware had installed a Key Logger onto your system
• No Padlock at all - No security at all! (Yes there is a chance something is buggy on the browser, but its a small chance and I'd not risk providing security details on such a webpage.

You mentioned you've tried Chrome, IE and Edge with no improvement in accessing these secure sites. You also stated you have done minimal modification to your Windows 10 install, so it seems unlikely an Add-on is affecting the browsers, which brings me to ask what Security Software do you have running on your System?

• Windows Defender?
• Symantec Norton?
• McAfee?
• Something else?

Also, how are you connected to the internet? Wired into a router? What security settings do you have set on the router? Firewall? anything else?


OK coming back to my observation that its unlikely to be an Add-on causing the trouble.

The next logical step is to check your Date & Time settings. If your computer is reporting a false Date or Time then the Security Certificates on your system for your Banking website, and that ' other one ' will be rejected by the sites server. So simply type Date and time into your search box, then press Enter. If necessary adjust the time. While you are at it verify your region settings are accurate too.

Your browsers store security certificates and cookies. If they have become corrupted or have expired then simply choosing to clear these via your normal Browser settings options may resolve your issue.

Each browser also uses a Secure Sockets Layer (SSL). Sometimes clearing these can help. For Internet Explorer you do that in the following way:

• Press Winkey + R
• Type INETCPL.CPL | then click OK
• Click on the Contents tab
• Click on Clear SSL State

If at this point you are still having issues (having considered the above suggestions then its time to consider the DLLs associated with site security management. You may need to re-register them to clear any possible corruption from a third party installation or corruption to the Registry itself. This can be done manually using an elevated Command Prompt:

• Press Winkey + X
• Press A or with mouse select Command Prompt (Admin)

You'll now see the Administrator: Command Prompt Console with the prompt C:\WINDOWS\System32>​

• Next type or copy & paste the following commands into your Administrator: Command Prompt console:

• regsvr32 softpub.dll
  • Press Enter key to execute
• regsvr32 wintrust.dll
  • Press Enter key to execute
• regsvr32 initpki.dll
  • Press Enter key to execute
• regsvr32 dssenh.dll
  • Press Enter key to execute
• regsvr32 rsaenh.dll
  • Press Enter key to execute
• regsvr32 gpkcsp.dll
  • Press Enter key to execute
• regsvr32 sccbase.dll
  • Press Enter key to execute
• regsvr32 slbcsp.dll
  • Press Enter key to execute
• regsvr32 cryptdlg.dll
  • Press Enter key to execute

Note: During this process you may received a message saying ' DllRegisterServer in FileName succeeded '. If you do simply click OK​

• Finally type Exit | then press Enter key to close the Administrator: Command Prompt console.

Report back on any progress with your issue.

Regards,

Regedit32

 

[Twinwasp]

My goodness! Thanks for the further detailed input.

I have Windows Defender as part of the Windows 10 package. McAfee came on board accidentally when I upgraded Adobe I think, so I deleted that yesterday in case it was causing conflict. I also cleared my cookies at the suggestion of my bank. I do seem to be able to get into the bank now (as I managed yesterday also, before deleting McAfee), but still no joy with Hargeaves Lansdown, which is the other site. It does try to connect (without the security padlock green box) but the layout is completely wrong and I have not attempted to log in at that point.

The PC is wired into the router, but the laptop is WiFi and I have no problems with that.

Some of your suggestions may be beyond my limit of safety as I am a complete layman, but I will work through them and see what happens - and report back as I go.

I would just add that a couple of weeks ago, the PC went through a few days of saying it couldn't connect to a Windows Network on start up. Restarting solved it each time and it has been fine for the last couple of weeks.

I really am grateful for your depth of knowledge and help in trying to get this annoying problem sorted.

David

 

[Twinwasp]

I haven't been brave enough to do anything other than checking the date and time I'm afraid. I may have to wait until a computer friend of mine comes to visit in a few weeks time.

However, Santander has decided not to connect again to the secure logon part on the PC. Curiously, another bank (Lloyds) logs on securely quite normally.

Fortunately everything is fine with my lap top -and the mobile phone too........

David

 

[Regedit32]

I haven't been brave enough to do anything other than checking the date and time I'm afraid. I may have to wait until a computer friend of mine comes to visit in a few weeks time.

Hi David,

That is fine. If you feel unsure about following the above steps and prefer to wait for a friend to help you I totally understand. It is best to be safe and sure.

I know those regsrv32 commands seem rather intimidating, but be assured they are completely save to do.

In layman's terms, when you execute regsvr32 to a DLL file, this calls DLLRegisterServer method entry point of the particular DLL you are registering. That in terns invokes a command to unpack that DLL's Class IDs (CLSID) into your Windows Registry. It also creates entries into the Windows Registry for any other module the particular DLL can be called from. Once the Class ID entries are created, Co-CreateInstances can then find the correct server when instantiating COM objects from another DLL or application.

OK that is about as basic as I can explain that sorry. Feel free to digest and ignore that attempt

In this instance the list of commands I gave you would simply overwrite the current Registry entries (or replace if missing), with the Default information normally present. This was just in case malicious software, or a third party application had corrupted their Registry entries, and thus creates a situation that prevents you accessing secure webpages.

I'm glad your bank helped you resolve the log in with their page. You may find what they told you to do could also be applied to the other webpage you cannot access - for instance if you were told to delete a session cookie for the Bank website, you could do the same for a session cookie for the other website.

Regards,

Regedit32