SSL certificate error message in IE

fabio_bellocchio
Participant
0 Kudos


Dear SDN,

We are trying to establish an SSL environment in our Portal systems. However, by researching in this forum, it seems to me that the ONLY way to get over the "untrusted SSL certificate" warnings in our users' browsers is to generate a Signed Certificate, by means of a Certification Authority.

Please, could someone tell me if this is correct?

Is there another way to fix the unpleasant "untrusted certificate" messages in Internet Explorer, after a proper setup of the SSL scenario?

Thank you.

Accepted Solutions (1)

Former Member
0 Kudos

As long as the certificate used to sign the certificate is trusted, you will not get the warning. Many customers choose to use internally signed certificates because of the extra cost involved in getting them signed by a CA. Having a PKI helps; you can distribute certificates automatically. Can you describe your infrastructure a bit more? Do you have a Windows domain? Could you leverage Microsoft Certificate Services?

former_member184548
Participant
0 Kudos

Hi Fabio

Two ways -

1. Get a certificate from a CA and import it into the portal.

2. If you are using a self-signed certificate, then you need to install that certificate in the users' IE.

Thanks

Atul

fabio_bellocchio
Participant
0 Kudos

Hi Samuli and colleagues,

We have our clients running IE 9 32-bit, 256-bit coding level, on Windows 7.

We are now in the DEV environment, no SSO, but the next step is to integrate login with Windows (AD). We will also have Web Dispatcher, in a DMZ for external access, in which case it would be interesting to know if it is enough to treat the SSL only in the WD, or if it has to comprise all Web servers.

Sorry Samuli, what is PKI? And how to ensure that the Certificate used to sign the Certificate is trusted?

Thank you all.

Former Member
0 Kudos

PKI is short for Public Key Infrastructure. Since you have a Windows domain you should talk to your Windows admins about their capability of issuing certificates, with Microsoft Certificate Services for example. The certificate used to sign other certificates can be made trusted by installing it into all client browsers, applications, etc. as trusted. That can be either a manual, scripted or automated step depending on what software capabilities you have.

fabio_bellocchio
Participant
0 Kudos

Thanks a lot for your orientation, Samuli.

In other words, would you say that importing the Windows LDAP server Certificates into Portal would establish trust between the Windows domain clients and the Portal (considering LDAP is the data source for Portal users)?

Matt_Fraser
Active Contributor
0 Kudos

Hi Fabio,

Since you are using Active Directory, your Windows/Network Administration group can set up a Microsoft Certificate Authority server (this is relatively easy to do), and you can use Group Policy to push the CA (Certificate Authority) certificate out as a trusted root authority to all the Internet Explorer browsers on workstations that are members of your Active Directory domain. This makes it automated, no logon script or manual intervention on workstations required. Then, you use your CA server to sign the certificate requests you generate from your Portal, and import the signed certificate back into the Portal. Your IE browsers will now trust the Portal's certificate, because it is signed by your internal CA, and the browsers trust the internal CA because that trust has been pushed out by Group Policy.

For your DMZ Web Dispatcher, however, you will need to get your certificate signed by a regular external CA, such as Thawte or Verisign, because you need it to be trusted by external clients who are not members of your domain, and to whom therefore you cannot push trust of your internal CA.

I hope this helps explain the process at a high level.

Regards,

Matt
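
The flow described in the reply above (an internal CA signs the Portal's certificate request, and a client accepts the result only when that CA's certificate is among its trusted roots), as an added example that is not part of the original thread. It uses the openssl command line in place of Microsoft Certificate Services and Group Policy; every name and file (portal.example.internal, internal.crt, other.crt) is constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added illustration: an internal CA signs the Portal's request; the client check
# passes only when that CA is the trusted root. All names are constructed.
set -eu
WORK=$(mktemp -d)

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

make_root() {  # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

issue_portal_cert() {  # CSR generated for the "Portal", signed by the internal CA
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "/CN=portal.example.internal" \
    -keyout "$WORK/portal.key" -out "$WORK/portal.csr" 2>/dev/null
  printf 'subjectAltName = DNS:portal.example.internal\n' > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/portal.csr" -days 30 -extfile "$WORK/san.ext" \
    -CA "$WORK/internal.crt" -CAkey "$WORK/internal.key" -CAcreateserial \
    -out "$WORK/portal.crt" 2>/dev/null
}

# Succeeds only when the root file named by $1 anchors the Portal certificate.
client_trusts_portal() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/portal.crt" >/dev/null 2>&1
}

make_root internal "Example Internal Root CA"   # the domain's own CA
make_root other "Unrelated Root CA"             # a root that never signed the Portal cert
issue_portal_cert

client_trusts_portal internal && echo "internal root installed: trusted"
client_trusts_portal other || echo "internal root missing: untrusted-certificate warning"
```

The second check corresponds to an external client of the DMZ Web Dispatcher: it has other roots installed but not the internal one, so the same certificate fails validation there.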

fabio_bellocchio
Participant
0 Kudos

That is a complete and crystal-clear exposition.

Thank you very much Matt.

(how to assign points here?)

Matt_Fraser
Active Contributor
0 Kudos

Thank you!  You should see a couple of buttons by each reply labeled "Helpful Answer" or "Correct Answer."  Press "Helpful" for any and all replies that added to the discussion (they will earn their authors 5 points each.... you have a limit for how many you can award per message thread, but it's higher than the number of replies so far in this one).  Press "Correct" for the one that was the ultimate answer.  That will award 10 points and you can only do it once per question.

Welcome to gamification! 

Answers (1)

Sriram2009
Active Contributor
0 Kudos

Hi

What is the OS (32 or 64) & IE version?

BR

SS

fabio_bellocchio
Participant
0 Kudos

Hi,

Windows 64 and IE 11.

Thanks

Sriram2009
Active Contributor
0 Kudos

Hi

Kindly do the settings in the client desktop as mentioned in the SCN link

BR

SS

Akashcm10
Explorer
0 Kudos

Go to -> Control Panel -> Internet Options -> Content -> Certificates.

Add your certificate here.

Hope it works.