Reputation: 5399
Internet Explorer 9 warns about invalid site certificates
I've written an application that uses some flash components. To allow these flash components to work with other machines, I need to accept certificates from these machines or skip certificate errors permanently on user machines to accomplish this.
I tried the following, but none of this worked for me:
- Install certificate to the Trusted Root Certification Authorities.
- Adding the site to the trusted sites in Internet Explorer.
- Clearing the SSL cache, browsing history, browser cache, etc.
- Uncheking "Warn about certificate address mismatch" in the Advanced tab of Internet Explorer settings.
- Unchecking "Check for publisher's/server certificate revocation". Rebooting machine, reloading IE, and cleaning the Windows registry.
Nothing stated above was able to help me.
I also have read/heard 'warn about invalid site certificates' setting in Internet Explorer (this article states it exists), but I haven't find it in the Internet Explorer 9 settings.
Could somebody suggest any way of how certificate warning can be skipped?
Thanks in advance!
p.s. Here is what the warning states:
- The security certificate presented by this website was not issued by a trusted certificate authority. (Installing certificate to the Trusted Root Certification Authorities should resolve it, but it didn't)
- The security certificate presented by this website was issued for a different website's address.(Unchecking "Warn about certificate address mismatch" in advanced tab of Internet Explorer settings should resolve it, but it didn't as well)
Upvotes: 2
Views: 8052
Answers (2)
Reputation: 3091
Yes, I'm fully aware that this is a very old thread.
But after doing research on this problem, in Windows 7, I came up with a new solution, one which actually works -- and one which I haven't seen suggested anywhere online.
I'm posting it here (which might or might not be the ideal place for it!!) on the assumption that the nature of my solution potentially makes this a valid fix for ANY version of Internet Explorer! As a fix, it's a bit conventional, so I'm surprised I've never seen anyone propose it before.
.
This is a fix for when the IE browser reports a red 'Certificate Error' notice in the URL address bar.
- Click in Internet Explorer, on the red 'Certificate Error' notice in the URL address bar.
- Click on 'View Certificate'.
- Export the Certificate to the Desktop (save it as type .p7b and choose the option to save the whole chain of certificates) [a "PKCS #7 Certificate" is saved].
- Go to: Start > Run
- Type mmc then click 'OK', to launch the mmc snap-in.
- In the mmc snap-in, go to: File > Open
- Open 'Console1.msc'
- Import the saved certificate, from the Desktop: Action > All Tasks > Import
- Save it in: Trusted Root Certification Authorities
.
How to create 'Console1.msc' -
- Go to: Start > Run
- Type mmc then click 'OK', to launch the mmc snap-in.
- Go to: File > Add/Remove snap-in
- In 'Available snap-ins', highlight/click 'Certificates' and then click 'Add'
- Select 'Computer account' then click 'Next'
- Select 'Local computer' then click 'Finish'
- Click 'OK'
- Save the snap-in for future use: File > Save As and save it as 'Console1.msc'
Upvotes: 0
Reputation: 57125
Adding the certificate to the Trusted Root CA store will resolve the "The security certificate presented by this website was not issued by a trusted certificate authority." message. Note that you need to trust the root certificate that the server's certificate chains to, which may or may not be the same certificate that the server sent.
The "Warn about certificate address mismatch" checkbox resolves the "Security certificate presented for this website was issued for a different website's address" error only. It's unsafe to uncheck this box because it applies to all sites.
Changing "Check for publisher/server certificate revocation" will not help you.
If you're doing this only for test purposes, consider simply running Fiddler in HTTPS-decryption mode. Fiddler will hit the certificate error and you can ignore it for the lifetime of the Fiddler session.
Alternatively, your best approach is to simply fix the certificate on the other server. If it's self-signed and you don't want to pay for a CA certificate, at a very minimum you should update the self-signed certificate to contain the proper CN or SubjectAltName to match that server's hostname.
Upvotes: 3
Related Questions
- Internet Explorer shows valid certificate as "corrupt or invalid signature"
- how fix "this certificate cannot be verified up to a trusted certification authority"
- Internet Explorer 11- issue with security certificate error prompt
- IE 11 Error: Issue with website’s security certificate
- Internet Explorer blocked this website from displaying content with security certificate errors
- SSL/TLS Issues on IE9
- IE9 how to trace "Internet explorer blocked this website from displaying content with security certificate errors."
- IE8 error with Certificate
- SSL Certificate seen as invalid by older versions of IE
- Windows 7 only, IE only, thinks my website certificate has a problem?