SSL Certificate fails for users outside the firewall

Posted on 2005-04-06
Last Modified: 2010-08-05
I recently setup a Microsoft Certifiate server and installed a certificate on one of my websites. My certificate server is not available outside the firewall. Everything appears to be setup fine on the server. The client gets the following error message:

Web Site Certified by an Unknown Authority
Unable to verify the identity of as a trusted site
Possible reasons for this error:
- Your browser does not recognize the Certifiate Authority that issued the site's certificate
- The site's certificate is incomplete due to a server misconfiguration
- You are connected to a site pretending to be, possibly to obtain your confidential information.

Do I need to open certain incoming ports for my Certificate Server?
Question by:periker
    LVL 2

    Expert Comment

    instead of installing the specific certificate "", you could create a wildcard certificate "*" which would cover various websites under  Other then that, did you install the certificate on the computer in question(when the warning pops up, follow the 'install' button into a trusted folder).
    LVL 104

    Accepted Solution

    That is a standard error when you are using home grown certificates.

    Certificates are based on trust - the organisation issuing the certificate is trusted by the web browser to confirm that the server is who it says it is. This trust is built in.

    Your certificate and certificate server is not in the list of trusted organisations to issue a certificate - so the browser flags this as a security issue. Good job too otherwise the phishing scams would have a much higher success rate.

    Personally I have given up issuing my own certificates other than in the lab. I think home grown certificates look amateurish and show that you aren't taking security seriously.
    Instead I purchase a certificate, usually from RapidSSL. For most purposes their StarterSSL is fine. Obviously for eCommerce I would cough up for a Verisign certificate.

    This avoids having to install certificates on the machines, or telling your users to ignore the warning (which is a dangerous thing to do)


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now