mike2401
asked on
Certificate cannot be verified up to trusted certification authority
We have an Exagrid server (de-duplicating storage device which is running some flavor of linux) on our internal network.
Its IP address is 10.1.1.40
It issued its own self-signed certificate: Certificate Path = "Exagrid Local Root CA \ Exagrid Local Site CA \ dev1.ourdomain.com"
When I browse to: httpS://10.1.1.40 (or to httpS://exagrid.mydomain.com), I get the error: "Certificate cannot be verified up to trusted certification authority"
Question: what's the best practice so that any client on our internal network can talk httpS to this internal exagrid linux server?
Should the exagrid folks provide me a certificate that I'm supposed to distribute to all the clients on our internal windows network?
Or, am I supposed to get a public certificate for exagrid.mydomain.com which would resolve to an internal 10.1.1.40 address?
Exagrid provided me a file names: cacert.pem ; I'm not sure what to do with this.
Thanks and sorry if this is a really dumb question.
Mike
Its IP address is 10.1.1.40
It issued its own self-signed certificate: Certificate Path = "Exagrid Local Root CA \ Exagrid Local Site CA \ dev1.ourdomain.com"
When I browse to: httpS://10.1.1.40 (or to httpS://exagrid.mydomain.com), I get the error: "Certificate cannot be verified up to trusted certification authority"
Question: what's the best practice so that any client on our internal network can talk httpS to this internal exagrid linux server?
Should the exagrid folks provide me a certificate that I'm supposed to distribute to all the clients on our internal windows network?
Or, am I supposed to get a public certificate for exagrid.mydomain.com which would resolve to an internal 10.1.1.40 address?
Exagrid provided me a file names: cacert.pem ; I'm not sure what to do with this.
Thanks and sorry if this is a really dumb question.
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you can still connect via https with an untrusted certificate.. the browser will keep warning you though
ASKER
Thanks!!! I added the .PEM file via GPO Computer | windows | public key policies | trusted root certif authorities.
I decided to scope the GPO to just IT users, so I think we're good now.
Thanks!
I decided to scope the GPO to just IT users, so I think we're good now.
Thanks!