Jump to content
RESET Forums (homeservershow.com)

Certificate Error


whsvet
 Share

Recommended Posts

No, I did not try that method because I was not familiar with it. Until now, I had no experience manipulating certificates. Most of my info was gathered from sites such as Here and Here. There are probably easier ways to do this, I just could not find them.

Link to comment
Share on other sites

No, I did not try that method because I was not familiar with it. Until now, I had no experience manipulating certificates. Most of my info was gathered from sites such as Here and Here. There are probably easier ways to do this, I just could not find them.

 

It would be interesting to find out if it would work for you.

Link to comment
Share on other sites

If you take a look at some of the Windows Small Business Server blogs, this process is a little more streamlined in that SBS creates a package for you to install these .509 certs. The only part they leave out is to install the certs in the Trusted Root Certificates store.

 

I am curious, that if you look under the advanced properties of the certs you imported and are still getting the warning, what properties are checked. Basically, everything except Secure E-Mail and Client Authentication should be checked.

Link to comment
Share on other sites

The problem I found was that the automated processes did not install the correct cert. The "*server-name*-CA" cert is the one that had to be installed into the Trusted Root Certificate Authorities store. Having the "*server-name*" cert there by itself had no effect. In fact, I think it works without the "*server-name*" cert installed anywhere on the client machine.

 

I should have stated in the "blog post" above, that prior to the import procedure, I deleted all "*server-name*" certs from the client machine's Trusted Root Cert Authorities store that had been installed previously through other means.

 

This has been very confusing to me. I read enough websites to piece together this protocol that seems to work. Now maybe someone who really understands this cert stuff can explain why it works :rolleyes:

Link to comment
Share on other sites

Great writeup; very thorough. What I find interesting is why it happens on some builds and not others. Should I believe that the home-brews that seem to have no issues with the valid certificates have done something "right" or have they not installed something and the certificate validation system is non-functioning? I.E. is no news necessarily good news?

Link to comment
Share on other sites

Frustration!

 

On my XP computer at work double-clicking the cert file to install it worked like a charm. As I posted earlier it allowed me to get to the email server running on my WHS without a cert prompt. Beauty!

 

However, it didn't work on my win7 computer at home. When I followed whsvet's thorough description I found out that the cert had never been added to the Trusted Root store at all. So, I followed the instructions and added it. It installed and now I can see it. Problem solved, right? Wrong! I still get the cert prompt. Nuts!

 

Oh well. Maybe 1 day I'll get it fixed.

Link to comment
Share on other sites

quick update. I found out that the double-click technique of installing a cert on win7 does add it to the Trusted Root, but not of Computer; rather, of My User. I tried adding the cert to the Trusted Root of each of the 3 options, My User, Service, & Computer, alone and in combination but none of them worked.

Link to comment
Share on other sites

  • 1 month later...

I know it's been a while since this thread was updated, but today at work we discovered that the issue seems to involve different versions of IE. Again, at work, when we go to 1 intranet site using IE6 (after installing the cert) it works fine. However, if we go to the same site using IE8 it still gives the security warning page. Stay tuned....

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...