Certification Authority problems

A

Arne And

Hi

I have an Win 2003 SP1 server that I have installed Windows Certification
Authority on.

I have been able to create a Server Certificate and set up my website to use
SSL on port 443.

When I go too my website (https://www.domian.com) I get an Security Alert,
saying that it is a problem with the site`s security certificate.
I press the View Certificate button, and it says that "This Certificate
canot be verified up to a trusted certification authority"

I installed the certificate and press YES to proceed. I can get into my
website with no problem. If i close the browser, and open it again, type
https://www.domain.com I get the same Security Alert.

Can I get rid of this warning some how?

Regards

-AA-
 
B

Brian Komar [MVP]

Hi

I have an Win 2003 SP1 server that I have installed Windows Certification
Authority on.

I have been able to create a Server Certificate and set up my website to use
SSL on port 443.

When I go too my website (https://www.domian.com) I get an Security Alert,
saying that it is a problem with the site`s security certificate.
I press the View Certificate button, and it says that "This Certificate
canot be verified up to a trusted certification authority"

I installed the certificate and press YES to proceed. I can get into my
website with no problem. If i close the browser, and open it again, type
https://www.domain.com I get the same Security Alert.

Can I get rid of this warning some how?

Regards

-AA-
Click to expand...
You need to ad the root CA of the certificate chain to the trusted root
store. There are a few ways to do it:

1) In a domain

Take the root CA certificate (.cer) and then have a member of the
Enterprise Admins run:
certutil -dspublish -f <rootCA.cer> RootCA
This will make the root CA certificate trusted by all members of the
forest

2) At a single workstation
Take the root CA certificate (.cer) and then have a member of the local
Administrators group run:
certutil -addstore -f Root <rootCA.cer>

This assumes that you have certutil installed at the computer (from the
win2k3 administration pack

Brian
 
A

Arne And

Thanx

Will look into it tomorrow :)

-AA-


Brian Komar said:
You need to ad the root CA of the certificate chain to the trusted root
store. There are a few ways to do it:

1) In a domain

Take the root CA certificate (.cer) and then have a member of the
Enterprise Admins run:
certutil -dspublish -f <rootCA.cer> RootCA
This will make the root CA certificate trusted by all members of the
forest

2) At a single workstation
Take the root CA certificate (.cer) and then have a member of the local
Administrators group run:
certutil -addstore -f Root <rootCA.cer>

This assumes that you have certutil installed at the computer (from the
win2k3 administration pack

Brian
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Certificates and templates 2
CA Problems 6
Bogus security alert 6
Windows 7 Google Toolbar 1
Certification Authority 2
EFS Auto enroll 0
certificate revocation error 1
certificate services question 1

Top