A lot of years are gone but very likely the issue could led to how an https request is done using Winhttp or in general, HttpSendRequest.

After the Certificate exchange and encrypted handshake message Windows will try to verify if what has been received is valid.
To do this, it first check certificate in "Trusted Root Certification Authorities" and in case of failure will start to "retrieve Third-Party Root Certificate from Network".

So a called to DNS and external address is performed. The problem is that in some environment maybe the calls are dropped and so your https request get stacked until a timeout.

The timeout should be 15 seconds and then the request is unlocked.

This behaviors it's completely independent from the options you can set on the HttpSendRequest about ignoring certificates because this action will be execute only later in time.

Knowing the request workflow there can be multiple way to fix it.

One is discussed in these articles:

• https://techcommunity.microsoft.com/blog/askds/tls-handshake-errors-and-connection-timeouts-maybe-it8217s-the-ctl-engine8230-/400501

• https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/configure-trusted-roots-disallowed-certificates

• https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/configure-trusted-roots-disallowed-certificates

basically set at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot:

• "EnableDisallowedCertAutoUpdate"=dword:00000000

• "DisableRootAutoUpdate"=dword:00000001

Another way is to fix the certificate, maybe a self signed and add it correctly onto the windows certificate storage at "Trusted Root Certification Authorities" at machine level certificates.

The 15 seconds in real are a default value that can be override from local group policy:

Bonus:

to better understand the process of certificates a specific log on windows can be enabled following the instructions here https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc749296(v%3dws.10)