VMware Communities
bandi88
Contributor

HTTPS-connection is not working with Windows XP guest

Hello,

I am using the VMWare Player 12.5.2 build-4638234 on my Debian Linux 8.x host.

I have a Windows XP (with SP3) guest VM, where firewall is disabled. Network connection is set to NAT.

The problem is: I can access the internet on the HTTP port (80) without problems (e.g. Google works), but I can't access any HTTPS internet sites.

Can You please help me to resolve this issue?

Thanks in advance.

A. V.

13 Replies
wila
Immortal

Hi,

You're not saying it, but I'm guessing you are trying to access https websites using Internet Explorer?

The certificates that come with Windows XP are too old. Try installing either Chrome or Firefox, although both might have dropped Windows XP to browse the internet.

Quite frankly connecting a VM running Windows XP to the internet is a bad idea.

The OS is so far out of official support that there's a ton of ways to get infected.

Unless that is your goal, I'd say don't do that.

No antivirus will be able to protect that anymore.

Windows XP was great and can be useful for a number of things, but it does not include connecting it to a network (or worse internet).

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos
bandi88
Contributor

Dear Will,

I would not use the WinXP if I had another choice. But there is a special Windows software which is not running anymore from Windows Vista and above.

Therefore I am forced to use it.

And the problem is: this special software builds up a https-connection to get some data. So, I have to find the solution.

What happens if I install the newest Firefox or Chrome?

A.

0 Kudos
wila
Immortal

Hello A,

Ouch, then I'm afraid I do not have good news.

No, installing Firefox or Google Chrome will not help with that at all.

Without more information (I would need to see the actual https connection to be sure) it sounds like the global deprecation of SHA-1 for certificates is your problem.

See also:

Is Your Organization Using SHA-1 SSL Certificates? | Security content from Windows IT Pro

Down there you can read that Windows XP SP3 has support up to SHA-2.

If your Windows XP is up to date then that -in theory- should still work. But of course I don't know how the https connection is set up.

There are plenty of antivirus products that meddle with https connections and they could break this easily, so while I'm not in favor of getting rid of antivirus on Windows XP guests, it could be a worthwhile troubleshooting step (uninstall, not just disable, to make sure).

If that still does not help then I'm afraid getting the software to work on Vista (or higher) is your best bet.

As long as there are no hardware drivers involved that usually is do-able. Most software works ok, once you run it via the compatibility modes that Vista (and higher) offer.

In that case, right click the application icon in the start menu, select properties, then on the "Compatibility" tab set the compatibility level to Windows XP.

If there's a problem getting it installed you can try the same for the installer. If that still doesn't work... there's another way. Upgrade Windows XP to Vista.

As always make a backup of your virtual machine before trying something like this so that you have a good copy to start from if something fails.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos
bandi88
Contributor

Dear Will,

Getting to Windows Vista or above is not an option for me (I tried it previously).

So, the only possibility to get my important(!) software to work is to use WinXP.

Can you help me with what I should check, and where? You wrote: "I would need to see the actual https connection to be sure". What information can I get, and where, so that it can be analyzed?

Thanks.

A.

0 Kudos
wila
Immortal

Hi,

The actual URL being accessed or a tcp packet dump would be needed in order to figure out the actual SSL/TLS that is being negotiated.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos
bandi88
Contributor

Hi Will,

I made a tcp packet dump using Wireshark. Can You please help me find out the possible source of the problem?

Thanks in advance.

Regards,

A.

0 Kudos
wila
Immortal

Hi,

Not seeing anything very wrong in the TLS handshake itself. The server proposes TLSv1.0 which is not an issue for Windows XP and the handshake itself appears to complete OK.

Now I might be overlooking something as I do not look at packet dumps often.

So as the packet dump contains enough info for me to connect to the server directly I figured to try a test via openssl.

There I DO get an error.

$ openssl s_client -showcerts -connect yourip:443

CONNECTED(00000003)

depth=1 /C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G2

verify error:num=20:unable to get local issuer certificate

verify return:0

The above means that it is missing a root certificate. It might help installing that certificate in your Windows XP if you do not control the server (1)

So then I ran that same site through Qualys ssl labs.. umm.. plenty of work to do on that config.

https://www.ssllabs.com

Not sure if you control the site, but if you do, have a look. I'm not posting the URL here now as I don't want a search engine to pick it up.

The "good" news is that the server uses a SHA1 certificate, good as in that your Windows XP won't choke on that.

However the certificate used on the main site (not on the subdomain) should work too.

(1) the root certificate that your windows XP should have -perhaps already has- is: GeoTrust Global CA

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos
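What a packet dump reveals about the negotiation discussed above, as an added example that is not part of the original posts: a minimal parser for the plaintext TLS records at the start of a connection, reporting the version and cipher suites the client offers, the version and suite the server selects, and any plaintext alert the server sends instead. It goes slightly beyond the case in the thread by also handling truncated and malformed records. The sample bytes are constructed, and the helper names (`parse_records`, `parse_hello`, `_rec`, `_hello`) are hypothetical.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERTS = {40: "handshake_failure", 48: "unknown_ca", 70: "protocol_version"}

def parse_hello(hs):
    """Decode the first handshake message in a record (ClientHello or ServerHello)."""
    if hs[0] not in (1, 2):
        return ("handshake", hs[0])
    version = VERSIONS.get(struct.unpack_from("!H", hs, 4)[0], "unknown")
    off = 39 + hs[38]                      # skip 4-byte header, version, random, session id
    if hs[0] == 2:                         # ServerHello: the single suite the server picked
        return ("server_hello", version, struct.unpack_from("!H", hs, off)[0])
    n = struct.unpack_from("!H", hs, off)[0] // 2
    return ("client_hello", version, list(struct.unpack_from("!%dH" % n, hs, off + 2)))

def parse_records(stream):
    """Walk the plaintext TLS records of one direction of a captured TCP stream."""
    findings, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(body) < length:
            findings.append(("truncated", ctype))
            break
        if ctype == 20:                    # ChangeCipherSpec: later records are encrypted
            findings.append(("change_cipher_spec",))
            break
        try:
            if ctype == 21 and length == 2:  # plaintext alert: level, description
                level = "fatal" if body[0] == 2 else "warning"
                findings.append(("alert", level, ALERTS.get(body[1], str(body[1]))))
            elif ctype == 22:
                findings.append(parse_hello(body))
        except (struct.error, IndexError):
            findings.append(("malformed", ctype))
    return findings

# Constructed sample bytes (not taken from the capture attached to the thread).
def _rec(ctype, body, version=0x0301):
    return struct.pack("!BHH", ctype, version, len(body)) + body

def _hello(msg_type, tail, version=0x0301):
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + tail  # zero random, empty session id
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

CLIENT = _rec(22, _hello(1, struct.pack("!4H", 6, 0x0004, 0x0005, 0x000A) + b"\x01\x00"))
SERVER_OK = _rec(22, _hello(2, b"\x00\x05\x00")) + _rec(20, b"\x01")
SERVER_REFUSES = _rec(21, bytes([2, 40]))
```

To use it on a real capture, pass the raw bytes of one direction of the TCP stream; a `server_hello` followed by `change_cipher_spec` means version and suite were agreed, while an early `alert` or an empty server stream means the server refused what the client offered.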
bandi88
Contributor

Will,

The website is not mine, so I cannot do anything with it. It is the server location of the location of the developer, I would like to use.

However, if I try another https connection, I get the same error (for a completely different server, software and IP address). In the attachment You can see the results of this other https connection.

Another strange issue: if I try to open any https website using the browser (Internet Explorer 8), then I get a certificate error (untrusted site) for EVERY https website, regardless of the URL. The error message looks like this: http://magma.maths.usyd.edu.au/images/faq/win7certs_ie8_13.png

Can You please let me know the next step to resolve this issue?

Thanks for Your help.

A.

0 Kudos
wila
Immortal

Hi,

OK, the screenshot talks about not having the correct root certificate in your trusted CA store.

So either missing or expired.

This might help:

https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_cmautorootupdt.m...

Otherwise look through the possible updates (not only the required ones) in Windows Update and run anything that talks about (root) certificate updates.

There have been several updates in that area.

--
Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos
bandi88
Contributor

Hi Will,

Thanks for the assistance. I updated the root certificates manually from Trustwave® SSL - Support - Root Download Links, now some https websites are already working. The certificate error message seems to be gone.

However, many of them still do not work. Example: https://ebooks.eccouncil.org/ (packet dump also attached)

Strange fact: for every https site which is not working, Internet Explorer says: "page cannot be displayed", as here: https://i.stack.imgur.com/KjvaS.png

So, the certificate error message is gone, but many https websites are somehow still unreachable under my WinXP.

Can You please help me understand why some https websites still do not work?

Cheers,

A.

0 Kudos
wila
Immortal

Hi,

I think now we are back to "you shouldn't browse the web with Windows XP" :)

Actually you can try and check for yourself too. On ssllabs.com there's an option to test servers, but also for testing your browser.

It will show the protocols your browser supports.

If you put the host for the site you asked into the ssllabs site then it lists that Windows XP is not supported and that the connection was closed when tried.

The site is not supporting Windows XP and I can't really blame them as it is a huge pain to support older browsers.

You can still try Chrome or Firefox or ... and while that might work, it still falls under the "bad idea" factor.

Just use the VM for your important application and nothing else as infecting your VM and heaven knows what else is not helping to keep your app alive.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos
bandi88
Contributor

Dear Wil,

The application I have to use needs to establish an https connection.

I attach the packet dump of the negotiation that the application does.

Please let me know what goes bad with this. It is very important to get this application running, and under that VM.

Thanks for help.

A.

0 Kudos
wila
Immortal

Hi,

Yes I looked at it, it is the eccouncils.org site again.

Sorry won't work and as far as I understand it, this cannot be fixed in Windows XP as it is effectively blocked.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
0 Kudos