ISA Portal Certificate Warning
This Article highlights the steps to be taken in case SSL Certificate Warnings are noticed when trying to access the ISA Portal.
Issue
On trying to access the ISA Portal, warning messages like "Untrusted Certificate" and "There is a problem with this website's security certificate" are noticed.
This error is typically seen when the ISA App is unable to reach the ISA Portal (*.instasafe.com) or a secure connection cannot be established. The communication to the web server (ISA Portal) takes place over HTTPS.
Solution
In case of a proxy configured, it is recommended to add the URL https://*.instasafe.com to the Exception List. In case the issue persists, please follow the troubleshooting steps suggested below.
The ISA Portal is signed with the modern root certificate "USERTrust RSA Certification Authority". It is also cross-signed with the root certificate "AAA Certificate" to increase support for older/legacy devices with outdated Trusted Root CA Certificate Stores. A modern browser would have the "USERTrust RSA Certification Authority" root already installed and trust it without needing to rely on the cross-signed "AAA Certificate". A legacy browser or older device that does not have the modern “USERTrust RSA Certification Authority” root would not trust it and would look further up the chain to a root it does trust, i.e. the "AAA Certificate". If both “USERTrust RSA Certification Authority” and "AAA Certificate Services" root certificates are missing, the certificate of the ISA Portal would not be trusted, and not load as expected. This in turn may lead to errors while installing and configuring or even connecting the ISA App.
The Trusted Root CA Certificate Store is typically updated by the browser software or the device OS frequently, often as part of security updates, and on older outdated platforms it might be updated only as part of a full software update – such as Windows Service Packs or optional Windows Update releases. It's also possible that certain GPO settings might pose a problem, for example: if the GPO setting Computer Configuration\Administrative Templates\System\Internet Communication Management\Turn off Automatic Root Certificates Update is Enabled, the OS wouldn't pull root CAs from Microsoft.
In order to overcome the issue and access the ISA Portal without any SSL Warning or other errors, the root certificate could be manually installed on the device. The certificate for the "USERTrust RSA Certification Authority" root could be download from
here while the certificate for the "AAA Certificate" root could be downloaded from
here.
Alternatively, the certificate could be downloaded/saved to a local file on the system by Exporting it from the browser itself:
1. View the Certificate of the website (ISA Portal)
2. Go to the 'Certification Path' tab
3. Select 'USERTrust RSA Certification Authority' and click 'View Certificate'
4. In the new window, go to the 'Details' tab and select 'Copy to File'
5. In the 'Certificate Export Wizard', click 'Next'
6. Select the “DER encoded binary X.509 (.CER)” format and click the Next button.
7. Specify the file name you wish to export the SSL Certificate to, along with the path and click 'Next'.
8. Click the 'Finish' button to complete the export of the certificate.
The Certificate can now be installed and imported into the Trusted Root CA Certificate Store.
1. Open 'Run' and enter mmc.
Microsoft Management Console (MMC) must be run as Administrator.
2. In the MMC-based console that opens, select 'File' > 'Add/Remove Snap-in'.
3. In the Available snap-ins list, select 'Certificates', and then click 'Add'.
4. Select 'Computer account', and then click 'Next'.
5. In the next window that opens, click 'Finish'.
6. In the tree pane, select 'Certificates (Local Computer)' > 'Trusted Root Certification Authorities', right-click 'Certificates', and then select 'All Tasks' > 'Import'.
7. In the Certificate Import Wizard, click 'Next'.
8. Click 'Browse' and select the certificate that was exported in the earlier procedure.
Click 'Next'
9. On the next page of the Certificate Import Wizard, click 'Next'.
10. On the last page of the Certificate Import Wizard, click 'Finish'.
11. Exit and restart the browser to apply the changes.
The ISA Portal should now load fine without any SSL certificate warnings.
In case the issue persists, please contact your organization's IT Team.
If you are an Admin of the organization's ISA Account and need assistance, contact
InstaSafe Support.