Reputation: 5800
How to create a trusted self signed SSL certificate
I create a self signed certificate in IIS7.5 and I am getting an error that follows
There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information
If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see "Certificate Errors" in Internet Explorer Help.
How to fix this error?
Upvotes: 17
Views: 86536
Answers (5)
Reputation: 1194
Problem
When you create a self signed certificate you must Trust the Certificate Authority with every device accessing the server. Nevertheless, that means that you must create also a root CA, and use it to sign the other certificates. To be honest the process is a bit complicated and it already has given many people headaches before you.
Solution
Manually
You can either do it yourself, in which case I would advise you this cheatsheet which is pretty well explained. But it's missing one step that seems pretty important to me: creation of the fullchain.pem. Where you basically need to concatenate all certificates into one file (CA and Certificate). I always had issues when that was not done.
Half-automated
I ended up creating a script that does most of the painful part for you. It is pretty easy to use, and should include every step you need.
Download Home-Certificate-Generator
Execute
bash generate_certificate.sh(see documentation or-hfor more options)Follow the instruction to create the Root CA and the certificates
Import the Root CA to your device (check the
-hor this cheatsheet)Import the Certificates on your servers (that you should look in the documentation of whatever your server is)
You can also use an existing Root CA.
The documentation is in the GitHub page of the project.
Feel free to help me improve the project.
Upvotes: 0
Reputation: 1379
Right-click the “Internet Explorer” icon, then choose “Run as administrator“ or just the application in “Internet Explorer”.
Visit the website, and choose the option to “Continue to this website (not recommended).”.
Click where it says “Certificate error” in the address bar, then choose “View certificates“.
Select “Install Certificate…“.
Select “Next“. Select the “Place all certificates in the following store” option. Select “Browse…“.
Choose “Trusted Root Certification Authorities“, then select “OK“.
Select “Yes” when prompted with the security warning.
Select “OK” on the “The import was successful” message Select “OK” on the “Certificate” box.
Rerun the Applications.
Upvotes: 1
Reputation: 11
You can also perform this manually if you have the certificate file. Use the Windows management console tool - certmgr.msc. Among other features, it allows you to manually import self-signed certificates.
http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates
Upvotes: 1
Reputation: 175766
Its not an error its a warning, the certificate you generated is not trusted by the browser.
To supress this on machines you control you can add the certificate to the trusted root CA store (Example).
If this machine is on the internet/accessed by machines you do not control, you cannot alter this behaviour unless you purchase a cert from a trusted issuing CA.
Upvotes: 25
Reputation: 120410
Only you can trust a self signed certificate. If you want one that is universally trusted, you'll need to buy one from an issuing authority. However, it appears that this particualr certificate was issued for a different domain from the one that is being visited. FIx this, and you'll probably get another warning about trust.
Upvotes: 2
Related Questions
- How to make browser to accept /trust Self Signed Cert
- How do I create a self signed SSL certificate to use while testing a web app
- Error while creating self-signed SSL certificate
- SSL Self Signed Certificate Error
- Automatically using self signed SSL certificate
- how to generate a self signed and configure an SSL?
- How to create a self signed certificate using SelfSSL
- How to create Self signed certificates
- SSL self signed certificates
- Self signed certificate for machine to machine https connection