Install a self generated certificate on explorer

Published on Tuesday, April 10th, 2012 by Maurizio Mutti

The problem

When working on test server or with company’s internal resources like Network Attached Storage, we would like to use SSL comunication.
The problem is that Internet Explorer will show a warning each time we connect to that site saying “There is a problem with this website’s security certificate.”.

Certificate error

In this post I will describe how to avoid any warning in explorer when browsing to a site with a self signed SSL certificate.
Be carefull that using self signed certificate on production servers and over the internet is strongly discouraged.

The solution

Usually as shown in the previous screenshoot, the are 2 different errors raised by Explorer:
  1. The certificate is not issued by a trusted certificate authority
  2. The certificate is issued for a different website’s address

To solve the first problem, we need to promote the certificate authority which issued our certificate as a trusted certificate authority on our computer.

  • Run Internet Explorer as administrator, as normal user you are not allowed to install certificates.
  • Navigate to website whose certificate you want to trust.
  • When told “There is a problem with this website’s security certificate.”, choose “Continue to this website (not recommended).”
  • Click on “Certificate Error” at the right of the address bar and select “View certificates”.

    Invalid Certificate

  • Click on “Install Certificate…”, then in the wizard, click “Next”.

    Install Certificate

  • On the second page of the wizard, select “Place all certificates in the following store” and browse to “Trusted Root Certification Authorities”.

    Certificate Store

  • You get a security warning. Read it and if you are sure you want to trust this certificate, then agree.

    Security Warning

Now your certificate will be accepted by Explorer as if it was issued by an “official” certificate authority.

To solve the second problem it is enought to change an option in Internet explorer, be aware that this will affect all sites and certificates, exposing you to phishing attacks.

  • In internet explorer go to Tools -> Internet Options -> Advanced
  • On the security group, uncheck “Warn about certificate address mismatch”

    Explorer Setting

To enable this new setting, you need to restart of Explorer.

Done, now we can navigate to the website without any error raised by explorer!

Share

Leave a Reply