Link to home
Start Free TrialLog in
Avatar of ulink
ulink

asked on

IE7 and Trusted Certificates Nightmare

We have several clients who run Exchange for their orginizations mail. For OWA access I am using a certificate issued by the Domain Controller in the domain which works just dandy in Internet Explorer 6. In Internet Explorer 7 a screen comes up saying that the certificate is not from a Trusted Certification Authority so the site is not safe. I cannot for the life of me figure out how to stop this behavior. I have added the OWA website into the trusted sites list. I have tried importing the certificate into the Root Certification Authority but it wont take it. Any ideas?
Avatar of war1
war1
Flag of United States of America image
Greetings, ulink !

Here is how to step through the warning message
http://www.ie-vista.com/secure.html#cert%20problems

Best wishes!
Avatar of MichaelPro
MichaelPro
Well, i don't think you want to go to all internet explorers throughout the company and update them one by one; if you do not want to do so, make sure "Trusted Publisher" and Intermediates are set correctly. To find out of these are the problems, once you open the certificate, go to details/certificate path, and see if any cert in the certification path has a problem. for example, if you are missing trusted-publisher, you can add the publisher on your ActiveDirectory and all computers will have it then. OR, you can just add it.
Avatar of ulink
ulink

ASKER

This behavior only occurs on computers that are not part of the Domain. I have tried installing the certificate bit it still complains that the certificate is not from a trusted root authority.
Avatar of ulink
ulink

ASKER

Since I have not gotten a solution, I will submit to have the question closed.
Avatar of war1
war1
Flag of United States of America image
ulink,

I posted a possible solution to step through the warning message.  Did you try it? What is the result?
Avatar of ulink
ulink

ASKER

Yes. As far as I have been able to figure out, Internet Explorer 7 will throw up that page it the root certificate is not from a trusted authority like Verisign
Avatar of war1
war1
Flag of United States of America image
Then there is no workaround if the site's certificate is expired; contact the site owner and request that they update the certificate.

If the address in the certificate does not match the site's address, this warning can be disabled by unchecking the Warn about invalid site certificates checkbox in the Security section of the Advanced tab of the Internet Control Panel.

If the certificate was not signed by a trusted certification authority, you can add the certification authority if you trust the authority. Trusting a malicious certification authority will put your computer at risk, so use discretion. To add a Trusted certification authority, continue navigation from the Certificate Error page, and then click the Certificate Error button in the Internet Explorer address bar. Click the View Details link. On the Certification Path tab, select the root certificate and click the View Certificate button. On the General tab, click Install Certificate.

http://msdn2.microsoft.com/en-us/aa701133.aspx
Avatar of ulink
ulink

ASKER

I set the certificates to expire in 50 years. Certificates are installed under trusted root certificates. FQDN is correct. It worked fine under IE6. When I loaded IE7 it started throwing up the error.
ASKER CERTIFIED SOLUTION
Avatar of RomMod
RomMod
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial