| Author |
How to disable SSL Security Alert in IE
|
|
| Fiaz Ali Saleemi 2005-07-11, 7:48 am |
| Hi All
I have installed SSL Certificate in my IIS and when I redirect to Https IE
shows a Security Alert Dialog. Is there anybody who knows how to disable or
block that Security Alert so that when any user access my Secured Page he
will not get Security Alert Dialog. Any help will be appreciated and thank
you in advance.
Regards
Fiaz Ali Saleemi
| |
|
| i hope not. if a server could do that then you could bypass valid warnings
about bad certificates and possibly cause a security problem for the user.
"Fiaz Ali Saleemi" <fsaleemi@abacusoft.com> wrote in message
news:ur1YUkhhFHA.328@tk2msftngp13.phx.gbl...
> Hi All
>
>
> I have installed SSL Certificate in my IIS and when I redirect to Https IE
> shows a Security Alert Dialog. Is there anybody who knows how to disable
> or
> block that Security Alert so that when any user access my Secured Page he
> will not get Security Alert Dialog. Any help will be appreciated and thank
> you in advance.
>
>
> Regards
>
> Fiaz Ali Saleemi
>
>
| |
| Daniel Crichton 2005-07-12, 7:56 am |
|
"Fiaz Ali Saleemi" <fsaleemi@abacusoft.com> wrote in message
news:ur1YUkhhFHA.328@tk2msftngp13.phx.gbl...
> Hi All
>
>
> I have installed SSL Certificate in my IIS and when I redirect to Https IE
> shows a Security Alert Dialog. Is there anybody who knows how to disable
> or
> block that Security Alert so that when any user access my Secured Page he
> will not get Security Alert Dialog. Any help will be appreciated and thank
> you in advance.
Is this the large dialog that includes 1 or more warning triangles
indicating that something in the certificate is not trusted? The only way to
do this is to ensure that the SSL Certificate is signed by a root CA trusted
in IE by default (eg. VeriSign, Thawte, Entrust) and that the CN used
matches the host name in the URL. If you don't do both of these, then
there's no way to bypass the warning, which is a good thing or else anyone
could create a certificate and spoof another entity.
Dan
| |
| David Wang [Msft] 2005-07-12, 7:56 am |
| Not possible. It would be a security vulnerability in the browser to allow
the server to disable its security alert.
You need to determine why the browser is alerting over your server's SSL
certificate and fix it. And even if you fix it, you cannot get rid of all
security alerts because the browser can be configured to warn when
transitioning between HTTP/HTTPS.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Fiaz Ali Saleemi" <fsaleemi@abacusoft.com> wrote in message
news:ur1YUkhhFHA.328@tk2msftngp13.phx.gbl...
Hi All
I have installed SSL Certificate in my IIS and when I redirect to Https IE
shows a Security Alert Dialog. Is there anybody who knows how to disable or
block that Security Alert so that when any user access my Secured Page he
will not get Security Alert Dialog. Any help will be appreciated and thank
you in advance.
Regards
Fiaz Ali Saleemi
| |
| Fiaz Ali Saleemi 2005-07-12, 7:56 am |
| Hi Dominick
Now I am getting following dialoge:
Security Alert
Information you exchange with this site cannot be viewed or
changed by others. However, there is a problem with the site's
security certificate.
! The security certificate was issued by a company you have
not chosen to trust. View the certificate to determine whether
you want to trust the certifying authority.
? The security certificate date is valid.
? The security certificate has a valid name matching the name
of the page you are trying to view.
Do you want to proceed?
Yes No View Certificate
First point is still creating troubles, although I have installed
certificate to
trusted root certification authorities but every time I installed
certificate it
shows success message but never added the Issuing authority. I am using
Versign Trial SSL Certificate may be this is the problem that trial ssl
certificate
authority cannot be installed in trusted authorities. Thanks you for
responding
and thank in advance for further help.
Regards
Fiaz Ali Saleemi
| |
| Brian Komar 2005-07-12, 5:56 pm |
| In article <ur1YUkhhFHA.328@tk2msftngp13.phx.gbl>,
fsaleemi@abacusoft.com says...
> Hi All
>
>
> I have installed SSL Certificate in my IIS and when I redirect to Https IE
> shows a Security Alert Dialog. Is there anybody who knows how to disable or
> block that Security Alert so that when any user access my Secured Page he
> will not get Security Alert Dialog. Any help will be appreciated and thank
> you in advance.
>
>
> Regards
>
> Fiaz Ali Saleemi
>
>
>
Fiaz.
Where did you get the certificate that you installed on the IIS server.
It is possible to add the certificate to the trusted root store (or if a
multi-tiered CA hierarchy, the root of the chain to the trusted root
store.
More details are required to recommend the best method for you. You
*never* want to disable that message. In fact, what are the errors you
are getting. Is it just the trusted root, or are other issues raised in
the dialog box.
Brian
--
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian
| |
| Daniel Crichton 2005-07-12, 5:56 pm |
|
"Fiaz Ali Saleemi" <fsaleemi@abacusoft.com> wrote in message
news:%23v2DbKuhFHA.1252@TK2MSFTNGP09.phx.gbl...
> Hi Dominick
Not sure where that came from :\
> Now I am getting following dialoge:
> Security Alert
>
> Information you exchange with this site cannot be viewed or
> changed by others. However, there is a problem with the site's
> security certificate.
>
> ! The security certificate was issued by a company you have
> not chosen to trust. View the certificate to determine whether
> you want to trust the certifying authority.
>
> ? The security certificate date is valid.
>
> ? The security certificate has a valid name matching the name
> of the page you are trying to view.
>
> Do you want to proceed?
>
> Yes No View Certificate
>
> First point is still creating troubles, although I have installed
> certificate to
> trusted root certification authorities but every time I installed
> certificate it
> shows success message but never added the Issuing authority. I am using
> Versign Trial SSL Certificate may be this is the problem that trial ssl
> certificate
> authority cannot be installed in trusted authorities. Thanks you for
> responding
> and thank in advance for further help.
It's quite likely the Versign Trial Certificate is the reason for the
dialog, and that a full certificate will be fine - Trial certs are only for
testing SSL, they are not to be used for a live site. The Trial certs are
signed with a different cert than the live ones - you need to download and
install the trial root cert.
There's a KB article on the VeriSign site about this at
http://tinyurl.com/7erhb
Dan
| |
| Daniel Crichton 2005-07-12, 5:56 pm |
|
"Daniel Crichton" <msnews@worldofspack.co.uk> wrote in message
news:%23KcB9mvhFHA.720@TK2MSFTNGP14.phx.gbl...
>
> "Fiaz Ali Saleemi" <fsaleemi@abacusoft.com> wrote in message
> news:%23v2DbKuhFHA.1252@TK2MSFTNGP09.phx.gbl...
>
> Not sure where that came from :\
>
>
> It's quite likely the Versign Trial Certificate is the reason for the
> dialog, and that a full certificate will be fine - Trial certs are only
> for testing SSL, they are not to be used for a live site. The Trial certs
> are signed with a different cert than the live ones - you need to download
> and install the trial root cert.
>
> There's a KB article on the VeriSign site about this at
> http://tinyurl.com/7erhb
Doesn't seem to work, try
https://knowledge.verisign.com/sear...on.jsp?id=vs158
instead.
Dan
| |
| Daniel Crichton 2005-07-12, 5:56 pm |
|
"Daniel Crichton" <msnews@worldofspack.co.uk> wrote in message
news:%23TT0DpvhFHA.572@TK2MSFTNGP15.phx.gbl...
>
> "Daniel Crichton" <msnews@worldofspack.co.uk> wrote in message
> news:%23KcB9mvhFHA.720@TK2MSFTNGP14.phx.gbl...
>
> Doesn't seem to work, try
>
> https://knowledge.verisign.com/sear...on.jsp?id=vs158
>
> instead.
Strike that, the heat must be getting to me, it's over 30C in my office :\
https://knowledge.verisign.com/sear...n.jsp?id=vs1350
I've doubled check that url before posting this time, it's definitely the
right one 
Dan
| |
| Fiaz Ali Saleemi 2005-07-13, 2:48 am |
| Hi Brian
I am getting following dialoge:
Security Alert
Information you exchange with this site cannot be viewed or
changed by others. However, there is a problem with the site's
security certificate.
! The security certificate was issued by a company you have
not chosen to trust. View the certificate to determine whether
you want to trust the certifying authority.
? The security certificate date is valid.
? The security certificate has a valid name matching the name
of the page you are trying to view.
Do you want to proceed?
Yes No View Certificate
First point is still creating troubles, although I have installed
certificate to
trusted root certification authorities but every time I installed
certificate it
shows success message but never added the Issuing authority. I am using
Versign Trial SSL Certificate may be this is the problem that trial ssl
certificate
authority cannot be installed in trusted authorities. Thanks you for
responding
and thank in advance for further help.
Regards
Fiaz Ali Saleemi
| |
| Daniel Crichton 2005-07-13, 2:48 am |
| Fiaz wrote on Tue, 12 Jul 2005 23:47:46 -0700:
> Hi Brian
>
> I am getting following dialoge:
> Security Alert
>
> Information you exchange with this site cannot be viewed or
> changed by others. However, there is a problem with the site's
> security certificate.
>
> ! The security certificate was issued by a company you have
> not chosen to trust. View the certificate to determine whether
> you want to trust the certifying authority.
>
> ? The security certificate date is valid.
>
> ? The security certificate has a valid name matching the name
> of the page you are trying to view.
>
> Do you want to proceed?
>
> Yes No View Certificate
>
> First point is still creating troubles, although I have installed
> certificate to
> trusted root certification authorities but every time I installed
> certificate it
> shows success message but never added the Issuing authority. I am using
> Versign Trial SSL Certificate may be this is the problem that trial ssl
> certificate
> authority cannot be installed in trusted authorities. Thanks you for
> responding
> and thank in advance for further help.
>
> Regards
> Fiaz Ali Saleemi
>
I posted this yesterday, but I guess you didn't see it
https://knowledge.verisign.com/sear...n.jsp?id=vs1350
You need to install that test root certificate into your browser to allow it
to treat the certificate as from a trusted source - installing the
certificate itself in IE doesn't work (as you discovered).
Dan
|
|
|
|