(I rewrote my answer after David Heffernan's comments.)
1. Workaround
Turning off "Check for server certificate revocation" in "Internet Options\Advanced\Security" eliminated the certificate error page in TWebBrowser
. Note that turning off revocation checking opens a security hole (thanks to David Heffernan for emphasizing this in his comments).
2. Difference between Windows XP and 7
The different behavior was due to that this option is turned off on Windows XP by default, but on Windows 7 it's turned on. It's strange that this security setting is handled differently on different OS versions. Windows XP should have been patched to turn this setting on by default.
3. The problem with the certificate
When revocation checking is turned on, IE reports that there is no problem with the site's certificate and every certificate in the certificate chain is OK. This is misleading, because if the Internet Explorer Feature Control FEATURE_WARN_ON_SEC_CERT_REV_FAILED is also turned on, IE displays a Certificate Warning which says "Internet Explorer was unable to contact the issuer to ensure the certificate has not been revoked".
4. The effect of Silent Mode
When revocation checking is turned on, and the issuer cannot be contacted, TWebBrowser
shows a Security Alert popup with the text "Revocation information for the security certificate for this site is not available. Do you want to proceed?" Unfortunately, when the TWebBrowser.Silent
property is True
, the prompt is suppressed and "No" is automatically chosen. In my case, Silent Mode was turned on because I wanted to hide the JavaScript errors of the page, so TWebBrowser
jumped directly to the certificate error page, and didn't let me proceed.
5. The solution
The security hole can be avoided by enabling the revocation check, but in this case TWebBrowser.Silent
must be False
, and the user will have to close every popup manually (on the above Security Alert popup "Yes" must be clicked). Since my app uses the site automatically (based on code written in PascalScript), it has to close every popup itself (this feature has already been implemented for Confirm popups).