Unable to Log In certificate signed by unknown authority

Hi All,

Having an issue with installing TailScale on a Server 2012r2. Receiving the following error, which is a security certificate error, unknown authority, from TailScale. Need some assistance with this please.

2020-11-27T09:25:35.098+08:00: [RATE LIMITED] tshttpproxy: winhttp: GetProxyForURL(%q): ERROR_INVALID_PARAMETER [unexpected]
2020-11-27T09:25:35.401+08:00: setPrivateNetwork(try=1): SetCategory: Exception occurred.
2020-11-27T09:25:35.797+08:00: control: TryLogin: fetch control key: Get "https://login.tailscale.com/key": x509: certificate signed by unknown authority
2020-11-27T09:25:35.797+08:00: control: sendStatus: authRoutine-report: state:authenticating
2020-11-27T09:25:35.797+08:00: Received error: TryLogin: fetch control key: Get "https://login.tailscale.com/key": x509: certificate signed by unknown authority
2020-11-27T09:25:35.797+08:00: control: authRoutine: backoff: 14 msec

Looks like this is related to Windows 2012 not supporting the latest Let's Encrypt certs after some old cross-signing chain(s) expired. Or perhaps Windows 2012 not supporting SHA-2 in certs.

We’re looking into options now.

Thank you Brad Fitz, will await your response.

Regards

Acorer

For better or worse I wasn’t able to reproduce this. I tried both a new Windows 2012R2 VM on AWS and also on a Windows 7 VM (as it’s even older than 2012R2).

In both cases the cert could be verified by the default Windows settings.

Is your 2012 machine fully updated with the latest Microsoft security patches? Is there something unique about its root CA set?