diff --git a/dlls/urlmon/sec_mgr.c b/dlls/urlmon/sec_mgr.c
index 89669f9f3cb..87b8fda30d2 100644
--- a/dlls/urlmon/sec_mgr.c
+++ b/dlls/urlmon/sec_mgr.c
@@ -293,6 +293,59 @@ static HRESULT get_action_policy(DWORD zone, DWORD action, BYTE *policy, DWORD s
     return hres;
 }
 
+static HRESULT parse_security_uri(IUri *uri, PSUACTION action, IUri **result) {
+    WCHAR buf1[INTERNET_MAX_URL_LENGTH], buf2[INTERNET_MAX_URL_LENGTH];
+    LPWSTR url, tmp;
+    HRESULT hres;
+    DWORD len = 0;
+    BOOL use_url = FALSE;
+
+    url = buf1;
+    tmp = buf2;
+    *result = NULL;
+
+    hres = IUri_GetPropertyLength(uri, Uri_PROPERTY_ABSOLUTE_URI, &len, 0);
+    if(FAILED(hres))
+        return hres;
+
+    hres = CoInternetParseIUri(uri, PARSE_SECURITY_URL, 0, url, len+1, &len, 0);
+    if(hres == S_OK) {
+        use_url = TRUE;
+        while(TRUE) {
+            hres = CoInternetParseUrl(url, PARSE_SECURITY_URL, 0, tmp, len+1, &len, 0);
+            if(hres != S_OK || !strcmpW(url, tmp))
+                break;
+
+            if(url == buf1) {
+                url = buf2;
+                tmp = buf1;
+            } else {
+                url = buf1;
+                tmp = buf2;
+            }
+        }
+    }
+
+    if(action == PSU_DEFAULT) {
+        if(use_url) {
+            hres = CoInternetParseUrl(url, PARSE_SECURITY_DOMAIN, 0, tmp, len+1, &len, 0);
+            url = tmp;
+        } else {
+            hres = CoInternetParseIUri(uri, PARSE_SECURITY_DOMAIN, 0, url, len+1, &len, 0);
+            if(hres == S_OK)
+                use_url = TRUE;
+        }
+    }
+
+    if(use_url) {
+        hres = CreateUri(url, 0, 0, result);
+        if(FAILED(hres))
+            return hres;
+    }
+
+    return S_OK;
+}
+
 /***********************************************************************
  *           InternetSecurityManager implementation
  *
@@ -1344,6 +1397,11 @@ HRESULT WINAPI CoInternetGetSecurityUrlEx(IUri *pUri, IUri **ppSecUri, PSUACTION
     if(!pUri || !ppSecUri)
         return E_INVALIDARG;
 
+    /* Try to find the Security url using pluggable protocols first. */
+    hres = parse_security_uri(pUri, psuAction, ppSecUri);
+    if(FAILED(hres) || *ppSecUri)
+        return hres;
+
     hres = IUri_GetScheme(pUri, (DWORD*)&scheme_type);
     if(FAILED(hres))
         return hres;
diff --git a/dlls/urlmon/tests/sec_mgr.c b/dlls/urlmon/tests/sec_mgr.c
index 4ab93c91b50..d5e7426ab30 100644
--- a/dlls/urlmon/tests/sec_mgr.c
+++ b/dlls/urlmon/tests/sec_mgr.c
@@ -1045,9 +1045,9 @@ static void test_InternetGetSecurityUrlEx_Pluggable(void)
         hr = pCoInternetGetSecurityUrlEx(uri, &result, PSU_DEFAULT, 0);
         ok(hr == S_OK, "CoInternetGetSecurityUrlEx returned 0x%08x, expected S_OK\n", hr);
 
-        todo_wine CHECK_CALLED(ParseUrl_SECURITY_URL_input);
-        todo_wine CHECK_CALLED(ParseUrl_SECURITY_URL_expected);
-        todo_wine CHECK_CALLED(ParseUrl_SECURITY_DOMAIN_expected);
+        CHECK_CALLED(ParseUrl_SECURITY_URL_input);
+        CHECK_CALLED(ParseUrl_SECURITY_URL_expected);
+        CHECK_CALLED(ParseUrl_SECURITY_DOMAIN_expected);
 
         if(hr == S_OK) {
             BSTR received = NULL;
@@ -1055,9 +1055,8 @@ static void test_InternetGetSecurityUrlEx_Pluggable(void)
             hr = IUri_GetAbsoluteUri(result, &received);
             ok(hr == S_OK, "GetAbsoluteUri returned 0x%08x\n", hr);
             if(hr == S_OK) {
-                todo_wine
-                    ok(!strcmp_w(security_expectedW, received), "Expected %s but got %s\n",
-                        wine_dbgstr_w(security_expectedW), wine_dbgstr_w(received));
+                ok(!strcmp_w(security_expectedW, received), "Expected %s but got %s\n",
+                    wine_dbgstr_w(security_expectedW), wine_dbgstr_w(received));
             }
             SysFreeString(received);
         }
@@ -1071,8 +1070,8 @@ static void test_InternetGetSecurityUrlEx_Pluggable(void)
         hr = pCoInternetGetSecurityUrlEx(uri, &result, PSU_SECURITY_URL_ONLY, 0);
         ok(hr == S_OK, "CoInternetGetSecurityUrlEx returned 0x%08x, expected S_OK\n", hr);
 
-        todo_wine CHECK_CALLED(ParseUrl_SECURITY_URL_input);
-        todo_wine CHECK_CALLED(ParseUrl_SECURITY_URL_expected);
+        CHECK_CALLED(ParseUrl_SECURITY_URL_input);
+        CHECK_CALLED(ParseUrl_SECURITY_URL_expected);
 
         if(hr == S_OK) {
             BSTR received = NULL;
@@ -1080,9 +1079,8 @@ static void test_InternetGetSecurityUrlEx_Pluggable(void)
             hr = IUri_GetAbsoluteUri(result, &received);
             ok(hr == S_OK, "GetAbsoluteUri returned 0x%08x\n", hr);
             if(hr == S_OK) {
-                todo_wine
-                    ok(!strcmp_w(security_expectedW, received), "Expected %s but got %s\n",
-                        wine_dbgstr_w(security_expectedW), wine_dbgstr_w(received));
+                ok(!strcmp_w(security_expectedW, received), "Expected %s but got %s\n",
+                    wine_dbgstr_w(security_expectedW), wine_dbgstr_w(received));
             }
             SysFreeString(received);
         }