We use self-signed certificates on our intranet. What do I need to do to get IE8 to accept them without showing an error message to the user? What we did for IE7 apparently isn't working.

EDIT: IE7 wouldn't show any errors if I put the certificate into trusted root certification authorities. IE8 seems to show errors even with the certificate there.

+1  A: 

You should install your certificate as a trusted authority on your computer.

There are numerous ways to do that, for example you could use mmc (start/run/mmc), add the Certificates Snap-In, and from there you can install your self-signed certificate.

There's no way around that because the whole point of certificates is to warn the user if the website he's visiting has not been certified by a trusted authority.

Brann
Is there any way to do this other than logging into every single machine?
If you're in a corporate environment, and if your company has a certificate installed as a trusted authority on all its computers (which is a common setup), you could use this certificate to sign yours instead of a self-signed certificate.
Brann
It's also possible to install certificates from the command line, so it's definitely possible to automate. How to do that heavily depends on what tools your sysadmins use.
Brann
IE7 worked if I installed the cert on the local machine. IE8 seems to throw a warning even if I put the signing certificate (this one is self-signed) in trusted root certification authorities. I'm willing to forget the group policy angle for now - I can't even make it work on a single machine.
A: 

What were you doing before? For self-signed certs, I would normally install the cert locally on the client system.

You may be able to use Group Policy to push a cert to every system.

Rob Haupt
+1  A: 

You can use GPO to use the cert within the domain.

But my problem is with IE8, that even with the cert in the trusted root certification store... it still won't say it's a trusted site.

With this and the driver signing that needs to be done now... I'm starting to wonder who owns my computer!!!!

This is happening to me too
Gabe Moothart
If the issuer is a trusted root, then probably the cert has something wrong with it. Does the Canonical Name on the cert match the hostname the user uses to access the site? Is the current time within the validity range of the cert?
Yuliy
+3  A: 

Make sure that your self-signed certificate matches your site URL. If it does not, you will continue to get a certificate error even after explicitly trusting the certificate in IE8 (don't have IE 7, but Firefox will trust the cert regardless of a URL mismatch).

If this is the problem, the red "Certificate Error" box in IE8 will show "Mismatched Address" as the error after you add your cert. Also, "View Certificates" has an Issued to: label which shows what url the cert is valid against.

Gabe Moothart
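The checks suggested in this answer and in the comment before it (name match, validity dates), together with the store placement discussed throughout the thread, as an added PowerShell example that is not part of any poster's answer. The file path and host name are placeholders, and the SAN parsing assumes an English-language Windows where the extension is formatted with "DNS Name=" labels.

```powershell
# Added example, not from the thread. $CerPath and $HostName are placeholders.
param(
    [string]$CerPath  = "$env:USERPROFILE\Desktop\xxx.cer",  # exported without private key
    [string]$HostName = 'xxx.yyy.com'                        # exactly what users type in IE
)
$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" $CerPath

# 1. Names the certificate is valid for: subject CN plus any SAN DNS entries.
$names = @($cert.GetNameInfo('SimpleName', $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    # Format() output is localized; 'DNS Name=' is the English label (assumption).
    $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value })
}
# A wildcard such as *.yyy.com covers exactly one label.
$nameOk = $false
foreach ($n in $names) {
    $pattern = '^' + [regex]::Escape($n).Replace('\*', '[^.]+') + '$'
    if ($HostName -match $pattern) { $nameOk = $true }
}

# 2. Is the current time inside the validity range?
$now = Get-Date
$dateOk = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

# 3. Which Trusted Root stores actually contain this exact certificate?
$inStore = @{}
foreach ($loc in 'CurrentUser', 'LocalMachine') {
    $inStore[$loc] = @(Get-ChildItem "Cert:\$loc\Root" |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0
}

# 4. Let Windows build the chain and report why it fails, if it does.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # skip CRL lookups for this diagnosis
$chainOk = $chain.Build($cert)
$chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

New-Object PSObject -Property @{
    Subject         = $cert.Subject
    SelfSigned      = ($cert.Subject -eq $cert.Issuer)
    NamesOnCert     = ($names -join ', ')
    HostNameMatches = $nameOk
    WithinValidity  = $dateOk
    InUserRoot      = $inStore['CurrentUser']
    InMachineRoot   = $inStore['LocalMachine']
    ChainBuilds     = $chainOk
    ChainErrors     = $chainErrors
} | Format-List
```

If `HostNameMatches` is false, adding the certificate to a root store will not clear the warning for that host name. If `SelfSigned` is false, the issuing CA's certificate, not this one, is what belongs in the root store.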
+23  A: 

How to make IE8 trust a self-signed certificate in 20 irritating steps

  1. Browse to the site whose certificate you want to trust.
  2. When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
  3. Select Tools->Internet Options.
  4. Select Security->Trusted sites->Sites.
  5. Confirm the URL matches, and click "Add" then "Close".
  6. Close the "Internet Options" dialog box with either "OK" or "Cancel".
  7. Refresh the current page.
  8. When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
  9. Click on "Certificate Error" at the right of the address bar and select "View certificates".
  10. Click on "Install Certificate...", then in the wizard, click "Next".
  11. On the next page select "Place all certificates in the following store".
  12. Click "Browse", select "Trusted Root Certification Authorities", and click "OK".
  13. Back in the wizard, click "Next", then "Finish".
  14. If you get a "Security Warning" message box, click "Yes".
  15. Dismiss the message box with "OK".
  16. Select Tools->Internet Options.
  17. Select Security->Trusted sites->Sites.
  18. Select the URL you just added, click "Remove", then "Close".
  19. Now shut down all running instances of IE, and start up IE again.
  20. The site's certificate should now be trusted.
Aya
In IE 8 (I'm on windows 7), after step 5, uncheck "Enable Protected Mode". Then you can install the cert. But, even after installing the cert, I continue to get the warning and red location bar.
Josh
I haven't used Windows 7, so it's possible things have changed. The key points are:

  1. Ensuring the certificate issuer name precisely matches the domain name of the URL you're using it for.
  2. Ensuring the certificate is in the "Trusted Root Certification Authorities" store.
  3. Ensuring you've shut down and restarted ALL instances of IE after installing the cert.

It's possible that an embedded ActiveX version of IE in another application, or some other hidden process may be interfering with point #3, so to be absolutely certain that's not the issue, try a complete system reboot.
Aya
+2  A: 

It's not enough to install the certificate itself, instead you need to install the root certificate of your certification authority. Say if you use Win Server's Certificate Services, its root certificate which was created when CS was installed on that server is the one to be installed. It must be installed to the "Trusted Root Certification Authorities" as described earlier.

Teemu Keiski
A: 

It doesn't look like it's possible to not have the certificate error any more. I'm on Windows XP with IE 8. Group Policy had installed a self-signed certificate as a trusted root certificate for access to an internal site. When I look at MMC with the certificate snap-in I can see the certificate there OK.

When I look at:

Internet Options => Content => certificates

It isn't there!

This behaviour in IE started since our admins let loose with the last lot of Patch-Tuesday updates which installed on my machine on 10th Dec 2009. Prior to that it was quite happy to accept the certificate as valid.

John C
+4  A: 

Here is how I got it to work in IE8:

  1. Go to the website in question, https://xxx.yyy.com, for instance,
  2. Click through until you get to the Certificate error in the browser status line.
  3. View the cert, then from the Details tab, select Copy to File.
  4. Save to the desktop as xxx.cer, for example,
  5. Start, Run, MMC.
  6. File, Add/Remove Snap-In,
  7. Select Certificates, Click Add, My User Account, then Finish, then OK,
  8. Dig down to Trusted Root Certification Authorities, Certificates,
  9. Right-Click Certificate, Select All Tasks, Import,
  10. Select the Saved Cert from the Desktop
  11. Select Place all Certificates in the following Store, Click Browse,
  12. Check the Box that says Show Physical Stores, Expand out Trusted Root Certification Authorities, and select Local Computer there, click OK, Complete the Import,
  13. Check the list to make sure it shows up. You will probably need to Refresh before you see it. Exit MMC,
  14. Open Browser, select Tools, Delete Browsing History
  15. Select all but InPrivate Filtering Data, complete,
  16. Go to Internet Options, Content Tab, Clear SSL State,
  17. Close browser and reopen and test.
Philip Mollica
Any advice on what to do if "Copy to File..." is disabled?
jessegavin
A: 

I had the same issue while working with web services. Here Microsoft has a (long) walk-thru showing you how to install stuff on the client to basically say that your self-signed cert is ok. In the end, I just spent the $30 and bought a full certificate from Godaddy.com.

P.S. I know that you can code around the error message but we didn't want to do that for testing reasons.

JBrooks
+3  A: 

Man, today I've spent a few hours fighting this problem. No matter what I did in the IE 8, the problem remained. The certificate installed by the IE appears in the Trusted Root Certification Authorities of the client PC, however the IE still complains no matter what.

Here's the solution I've discovered:

On the web server:

  • Win+R, MMC, Enter.
  • File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account, Finish, OK.
  • Navigate to "Certificates - current user / Trusted Root Certification Authorities / Certificates".
  • Find your certificate, right-click, All tasks / Export.
  • "No, don't export the private key"
  • "DER Encoded binary X.509 (.CER)"
  • Save the file somewhere.
  • Transfer the newly created .CER file to the client PC.

On the client machine:

  • Win+R, MMC, Enter.
  • File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account, Finish, OK.
  • Navigate to "Certificates - current user / Trusted Root Certification Authorities / Certificates".
  • Right-click on Certificates container, All tasks / Import
  • Choose your .CER file you've transferred from the server machine.
  • On the next screen, choose "Place all certificates in the following store", click "Browse", check "Show physical stores", then choose "Trusted Root Certification Authorities / Local Computer".
  • Press "Finish" finally.
  • In Internet Explorer: Tools - Delete browsing History,
  • In Internet Explorer: Tools - Internet options - "Content" tab - Clear SSL state button.
Soonts
A: 

Unfortunately none of the solutions worked for me. I used IE8 on Windows 7. When I was looking for a solution, I found the settings about login information in the control panel. So I added under the certificate based information a new entry with the address of my server and I chose my preferred certificate.

After a clear of the ssl cache in IE8 I just refreshed the site and the right certificate was sent to the server.

This isn't the solution which I wanted but it works.

p2u
+2  A: 

I got it working like this

  1. Start IE with Run as Administrator
  2. Browse to server computer using the computer name (ignore certificate warnings)
  3. Click the "Certificate Error" text in the top of the screen and select "View certificates"
  4. In the Certificate dialog, click Install Certificate -> Next
  5. Select Place all certificates in the following store -> Browse
  6. Check Show Physical Stores check box
  7. Select Trusted Root Certificate Authorities – Local Computer
  8. Click OK – Next – Finish – Ok
  9. Restart IE
Jay67A