What do I need to do to get Internet Explorer 8 to accept a self signed certificate

Question

We use self signed certificates on our intranet  What do I need to do to get Internet Explorer 8 to accept them without showing an error message to the user  What we did for Internet Explorer 7 apparently isn t working   EDIT  Internet Explorer 7 wouldn t show any errors if I put the certificate into trusted root certification authorities  Internet Explorer 8 seems to show errors even with the certificate there

User · Answer

You can use CertMgr to add a certificate as a trusted publisher or if it is self-signed, as a root certificate

CertMgr.exe /add CertificateFileName.cer /s /r localMachine root

See Microsoft's documentation here:

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/using-certmgr-to-install-test-certificates-on-a-test-computer

User · Answer

I had the same issue while working with web services   Here Microsoft has a  long  walk-thru showing you how to install stuff on the client to basically say that your self-signed cert is ok   In the end  I just spent the  30 and bought a full certificate from Godaddy com     P S  I know that you can code around the error message but we didn t want to do that for testing reasons

User · Answer

Here is how I got it to work in IE8    Go to the website in question  https   xxx yyy com  for instance  Click through until you get to the Certificate error in the browser status line  View the cert  then from the Details tab  select Copy to File  Save to the desktop as xxx cer  for example  Start  Run  MMC  File  Add Remove Snap-In  Select Certificates  Click Add  My User Account  then Finish  then OK  Dig down to Trust Root Certification Authorities  Certificates  Right-Click Certificate  Select All Tasks  Import  Select the Save Cert from the Desktop Select Place all Certificates in the following Store  Click Browse  Check the Box that says Show Physical Stores  Expand out Trusted Root Certification Authorities  and select Local Computer there  click OK  Complete the Import  Check the list to make sure it shows up  You will probably need to Refresh before you see it  Exit MMC  Open Browser  select Tools  Delete Browsing History Select all but Inprivate Filtering Data  complete  Go to Internet Options  Content Tab  Clear SSL State  Close browser and reopen and test

User · Answer

It doesn t look like it s possible to not have the certificate error any more  I m on Windows XP with IE 8  Group Policy had installed a self-signed certificate as a trusted root certificate for access to an internal site  When I look at MMC with the certificate snap-in I can see the certificate there OK   When I look at   Internet Options    Content    certificates   It isn t there   This behaviour in IE started since our admins let loose with the last lot of Patch-Tuesday updates which installed on my machine on 10th Dec 2009  Prior to that it was quite happy to accept the certificate as valid

User · Answer

I have tried lots and lots of steps from different people posted on different websites  But none of them mention that I should add the certificate into the Trusted People keystore   That s right  placing it under trusted CA is not enough for my case  I have to put the certs inside the Trusted People also   That s    Run MMC Add Certificate Snap-in choose Local Computer Expand Certificates Local Computer  -  Trusted People -  Certificates Right click All Task -  Import Finish the wizard   To export the certificate    Run IE as admin  right click  run as admin  When prompted invalid cert  go ahead visit the website anyway Click the certificate error near the address  click view certificate Go to Details tab  click Copy To file Save as   cer file    I m on IE9  Windows 7

User · Answer

I tried all mentioned solutions but none of them worked  Using Internet Explorer 11  11 0 9600 17914   there was no way of accepting invalid certificates as the error looked exactly as an 404   What helped was the following  - add host to trusted sites  as mentioned a couple of times here  - disable TLS 1 2 and enable SSL 1 0  amp  SSL 2 0  The last step is something you should ONLY DO if you know what you re doing  We need to use a pretty strange setup here at work  thus we couldn t find another way of getting access to the system  Usually  downgrading security like that should not be done

User · Answer

What were you doing before   For self-signed certificates  I would normally install the certificate locally on the client system   You may be able to use Group Policy to push a certificate to every system

User · Answer

Unfortunately none of the solutions worked for me  I used Internet Explorer 8 on Windows 7  When I was looking for a solution  I found the settings about login information in the control panel  So I added a new entry under the certificate based information with the address of my server and I chose my prefered certificate   After a clear of the SSL cache in Internet Explorer 8 I just refreshed the site and the right certificate was sent to the server   This isn t the solution which I wanted  but it works

User · Answer

How to make IE8 trust a self-signed certificate in 20 irritating steps   Browse to the site whose certificate you want to trust  When told    There is a problem with this website s security certificate      choose    Continue to this website  not recommended      Select Tools Internet Options  Select Security Trusted sites Sites  Confirm the URL matches  and click    Add    then    Close     Close the    Internet Options    dialog box with either    OK    or    Cancel     Refresh the current page  When told    There is a problem with this website s security certificate      choose    Continue to this website  not recommended      Click on    Certificate Error    at the right of the address bar and select    View certificates     Click on    Install Certificate        then in the wizard  click    Next     On the next page select    Place all certificates in the following store     Click    Browse     select    Trusted Root Certification Authorities     and click    OK     Back in the wizard  click    Next     then    Finish     If you get a    Security Warning    message box  click    Yes     Dismiss the message box with    OK     Select Tools Internet Options  Select Security Trusted sites Sites  Select the URL you just added  click    Remove     then    Close     Now shut down all running instances of IE  and start up IE again  The site   s certificate should now be trusted

User · Answer

This may help someone I am on IE11 windows 7 and what I did In addition to install the certificate is Going to internet options     advance tab      security      remove the check   from warn about certificate address mismatch  in addition to below  - dont forget to close All IE instances and restart- after finishing     1-Start Internet Explorer running    2-Browse to server computer using the computer name  ignore certificate warnings   3-Click the    Certificate Error    text in the top of the screen and select    View certificates     4-In the Certificate dialog  click Install Certificate -  Next  5-Select Place all certificates in the following store -  Browse  6-Install to the trusted root Certification      then restart    Hope this help someone

User · Answer

How to install the CA Root Cert  and not the Website Cert   IE8  Win7   When you bring up the certificate details you are looking at the website cert  and not the CA cert  The General tab will say   This certificate cannot be verified     You need to select the CA by clicking on the Certification Path tab  and selecting the top most cert in the path  It should have a red X icon  and should say   This CA Root certificate is not trusted because     Click the View Certificate button  and on this new General tab you should see   This CA Root is not trusted     This is the certificate that you want to import into the Trusted Root Certificate Authority    Once you have imported the CA  you do not need to import the regular website cert  That cert will get matched up to the CA you just imported  and IE will treat everything as working normally  You do not need to run IE as Admin  and you do not need to add the site to trusted sites first  You do need to restart IE after the import

User · Answer

As everyone else has mentioned  the first task is to add the certificate to the Trusted Root Authority   There is a custom exe  selfssl exe  which will create a certificate and allow you to specify the Issued to  value  the URL   This means Internet explorer will validate the issued to url with the custom intranet url   Make sure you restart Internet Explorer to refresh changes

User · Answer

If you are doing some local testing and that you add some alias in the hosts files say     127 0 0 1      www mysite com   and try to use any of the above procedures you will fail  The reason is that you will import a certificate for localhost  The certificate URL won t match   In that situation you will have to generate a self-signed certificate and THEN import it as described above   If you are using Xampp the generation of the correct certificate can be done easily using c  xampp apache makecert bat

User · Answer

You can use GPO to use the certificate within the domain   But my problem is with Internet Explorer 8  that even with the certificate in the trusted root certification store    it still won t say it s a trusted site   With this and the driver signing that needs to be done now    I m starting to wonder who owns my computer

User · Answer

I got it working like this   Start Internet Explorer running as a user with administrative privileges  Browse to server computer using the computer name  ignore certificate warnings  Click the    Certificate Error    text in the top of the screen and select    View certificates    In the Certificate dialog  click Install Certificate -  Next Select Place all certificates in the following store -  Browse Check Show Physical Stores check box Select Trusted Root Certificate Authorities     Local Computer Click OK     Next     Finish     OK Restart Internet Explorer

User · Answer

You should install your certificate as a trusted authority on your computer   There are numerous way to do that  for exampe you could use mmc  start run mmc   add the Certificates Snap-In  and from there you can install your self-signed certificate   There s no way around that because the whole point of certificates is to warn the user if the website he s visiting has not been certified by a trusted authority

User · Answer

It s not enough to install the certificate itself  instead you need to install the root certificate of your certification authority  Say if you use Win Server s Certificate Services  its root certificate which was created when CS was installed on that server is the one to be installed  It must be installed to the  Trusted Root Certification Authorities  as described earlier

User · Answer

Make sure that your self-signed certificate matches your site URL  If it does not  you will continue to get a certificate error even after explicitly trusting the certificate in Internet Explorer 8  I don t have Internet Explorer 7  but Firefox will trust the certificate regardless of a URL mismatch    If this is the problem  the red  Certificate Error  box in Internet Explorer 8 will show  Mismatched Address  as the error after you add your certificate  Also   View Certificates  has an Issued to  label which shows what URL the certificate is valid against

User · Answer

Man  today I ve spent a few hours fighting this problem  No matter what I did in the IE 8  the problem remained  The certificate installed by the IE appears in the Trusted Root Certification Authorities of the client PC  however the IE still complains no matter what   Here s the solution I ve discovered   On the web server    Win R  MMC  Enter  File  Add-Remove snap-in  Certificates  Add  Manage certificates for  my user account  Finish  OK  Navigate to  Certificates - current user   Trusted Root Certification Authorities   Certificates   Find your certificate  right-click  All tasks   Export   No  don t export the private key   DER Encoded binary X 509   CER   Save the file somewhere  Transfer the newly created  CER file to the client PC    On the client machine    Win R  MMC  Enter  File  Add-Remove snap-in  Certificates  Add  Manage certificates for  my user account  Finish  OK  Navigate to  Certificates - current user   Trusted Root Certification Authorities   Certificates   Right-click on Certificates container  All tasks   Import Choose your  CER file you ve transferred from the server machine  On the next screen  choose  Place all certificates in the following store   click  Browse   check  Show physical stores   then choose  Trusted Root Certification Authorities   Local Computer   Press  Finish  finally  In Internet Explorer  Tools - Delete browsing History   In Internet Explorer  Tools - Internet options -  Content  tab - Clear SSL state button

User · Answer

You need to make sure that the Self Signed Certificate uses the correct common name for the domain you are setting up   If you are going to use the same certificate for multiple domains you need to either have a unique certificate for each domain  or if all of your ssl sites are subdomains of a common domain  then you can generate a certificate with a wildcard domain like   domainname tld     If you don t set up your common name correctly in your self signed certificate then Chrome and Firefox may work  but IE might not be able to find the certificate when you load the site each time   In IE it will appear like you have added the site s cert but in fact on page load it will never be found   how to set up SSL for Apache for a Mac so I can test Cross Domain iFrame on IE8

User · Answer

If you re getting an address mismatch error  just allow address mismatches    Tools and select Internet Options select the Advanced tab Scroll down and uncheck Warn about certificate address mismatch

[internet-explorer-8] What do I need to do to get Internet Explorer 8 to accept a self signed certificate?

Examples related to internet-explorer-8

Examples related to ssl-certificate