
Self Signed Certificates and Exceptions

Author
23 Mar 2009 9:36 PM
Jeffery Rehm
I have a self-signed certificate I generated using KeyMan and am using it
with my IIS server.  It works fine except the client always gets a warning
about the certificate saying it can't be verified.  How can I stop this
behavior on the client side without the user having to do anything?  The
primary use is to secure the content to/from Blackberry (no BES server in
the mix here).

Author
24 Mar 2009 8:22 AM
Ken Schaefer
There is nothing you can do to force a remote client to "trust" your signing
certificate. That would be a huge security vulnerability in the entire PKI
system. It would mean that I could issue a certificate for www.amazon.com or
www.microsoft.com or www.yourbank.com and somehow remotely cause the client
to "trust" that certificate and not throw up a warning.

Maybe RIM provides some tools to allow administrators in a
business/enterprise scenario to remotely install certificates onto devices
under control of the organisation (like Microsoft provides GPOs to allow
enrollment of CAs and certs for domain-joined clients). However that isn't
an IIS question...

Cheers
Ken


"Jeffery Rehm" <abs@spam.never> wrote in message
news:#K1h39$qJHA.3584@TK2MSFTNGP05.phx.gbl...
> I have a self-signed certificate I generated using KeyMan and am using it
> with my IIS server.  It works fine except the client always gets a warning
> about the certificate saying it can't be verified.  How can I stop this
> behavior on the client side without the user having to do anything?  The
> primary use is to secure the content to/from Blackberry (no BES server in
> the mix here).
>
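
The trust decision described in the reply above, reproduced with the openssl command line as an added example (not code from either poster): a self-signed certificate is accepted only by a client that already holds it as a trust anchor, and a second self-signed certificate claiming the same name is still rejected. The host name iis.example.test and the file names are constructed for the demo; it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example. Host name and file names are constructed for the demo.

# Create a throwaway self-signed certificate: writes $1.key and $1.crt.
new_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=iis.example.test" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Client with only its stock trust store; nothing the server sends changes it.
trusted_by_default() {
    openssl verify "$1" >/dev/null 2>&1
}

# Client on which an administrator has installed $1 as a trust anchor.
trusted_with_anchor() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run the three scenarios and print one summary line.
report() {
    d=$(mktemp -d) || return 1
    if ! new_cert "$d/server" || ! new_cert "$d/impostor"; then
        rm -rf "$d"
        return 1
    fi

    # 1. Unmanaged client, self-signed server certificate.
    if trusted_by_default "$d/server.crt"; then a=accepted; else a=rejected; fi

    # 2. Managed client that had server.crt installed out of band.
    if trusted_with_anchor "$d/server.crt" "$d/server.crt"; then b=accepted; else b=rejected; fi

    # 3. Same managed client, different self-signed cert with the same name.
    if trusted_with_anchor "$d/server.crt" "$d/impostor.crt"; then c=accepted; else c=rejected; fi

    rm -rf "$d"
    echo "default_store=$a anchor_installed=$b impostor=$c"
}

report
```
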