johncfds
asked on
IE7's problem with self signed certs
Accessing OWA via SSL on a SBS03 server w/SP2 and all current updates IE7 displays the "...problem with this site's certificate..." message. The PC is XP Pro /SP3. On the PC installing the cert into the Trusted Root Certificate Authority location makes no difference. Of course it work flawlessly with IE6. Anyone know what the fix for IE7 is assuming there is one.
ASKER
Had a look at CACert.org. I am considering it. Does anyone know if IE8 beta behaves differently?
your problem comes from the fact that IE 7 is looking to verify the self signed certificate against a root certificate which is not installed on the machine.
To solve this install both the self signed certificate and the root certificate on the workstations.
when you installed your certification authority (i'm going to assume windows based) it generates it's own root certificate. It's the same as going through a free certification authority but you have already done the work to get those certs setup.
To solve this install both the self signed certificate and the root certificate on the workstations.
when you installed your certification authority (i'm going to assume windows based) it generates it's own root certificate. It's the same as going through a free certification authority but you have already done the work to get those certs setup.
ASKER
From within IE7 I have clicked "Certificate Error" "View Certificate" "Install Certificate" and installed it to Trusted Root Certificate Authorities with no change. Which of the two cert installs you say must be done is this and how / where do I do the second?
Thank You,
John.
Thank You,
John.
here is a guide to importing Root CA certificates into e-mail clients.
While this is not exactly the guide you need it will give you the proper steps for exporting the Root Cert.
http://www.isaserver.org/img/upl/exchangekit/importrootca/importrootca.htm
The certificate you installed if the Web site certificate, If you go into that certificate and check it's certification path you will see that it has another certificate on top of it, that is your Root cert, and the one the guide i linked you will help you get.
While this is not exactly the guide you need it will give you the proper steps for exporting the Root Cert.
http://www.isaserver.org/img/upl/exchangekit/importrootca/importrootca.htm
The certificate you installed if the Web site certificate, If you go into that certificate and check it's certification path you will see that it has another certificate on top of it, that is your Root cert, and the one the guide i linked you will help you get.
Assuming you are using a self-signed certificate, the instructions curwengroup has linked to will never work because IE7 needs a root CA certificate in order to verify the authenticity of the server/website certificate.
I believe this was intended design in IE7 so I doubt that IE8 will go back to the way IE6 behaves.
I believe this was intended design in IE7 so I doubt that IE8 will go back to the way IE6 behaves.
The linked instructions were not a step by steps of what needs to be done to accomplish this. it only points him in the direction he needs to look to be able to retrieve his self signed root CA certificate, and install it on client machine, to get them to accept the web certificate.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Once you have the Root CA certificate installed to the trusted root certificates, you will be able to open OWA without getting the certificate warning.
If you do not want to buy a commercial certificate, or run your own CA, there are providers out there offering free certificates, in which case you could get a certificate from them and import their Root CA certificate as a Trusted Root Certificate.
Try www.CACert.org as an example.