Self signed standalone CA gives: "Windows does not have enough information to verify this certificat

10 Apr 2006 3:10 PM

Lars Bonnesen

I have set up a website with SSL on machine "A" and requested a
certificate - Installed Stand alone CA on machine "B" and invoked the
certifikate on this and imorted that to machina "A".

It works, but clients cannot accept the certificate. They get a "Windows
does not have enough information to verify this certificate" and therefore
they allways get the annoying window where they are promted for "yes"
because the certificate is not trusted.

How to trust a self signed cert?

Regards, Lars.

11 Apr 2006 2:50 AM

Ken Schaefer

You need to obtain the CA's root signing certificate (from MachineB), and
install that into the "Trusted Root CA" part of the client's certificate
store. Then the client's will trust certificates signed by MachineB
(including the server identity certificate that MachineA is using).

Cheers
Ken

--
IIS Blog: http://www.adOpenStatic.com/cs/blogs/ken

Show quoteHide quote

"Lars Bonnesen" <none@none.æøå> wrote in message
news:%23rTFqDLXGHA.4620@TK2MSFTNGP04.phx.gbl...
:I have set up a website with SSL on machine "A" and requested a
: certificate - Installed Stand alone CA on machine "B" and invoked the
: certifikate on this and imorted that to machina "A".
:
: It works, but clients cannot accept the certificate. They get a "Windows
: does not have enough information to verify this certificate" and therefore
: they allways get the annoying window where they are promted for "yes"
: because the certificate is not trusted.
:
: How to trust a self signed cert?
:
: Regards, Lars.
:
:

11 Apr 2006 11:13 AM

Lars Bonnesen

You are right - I was puzzled about this for a long time, but now it works.

Thanks!

Regards, Lars.

Show quoteHide quote

"Ken Schaefer" <kenREM***@THISadOpenStatic.com> skrev i en meddelelse
news:e1qq7KRXGHA.1228@TK2MSFTNGP02.phx.gbl...
> You need to obtain the CA's root signing certificate (from MachineB), and
> install that into the "Trusted Root CA" part of the client's certificate
> store. Then the client's will trust certificates signed by MachineB
> (including the server identity certificate that MachineA is using).
>
> Cheers
> Ken
>
> --
> IIS Blog: http://www.adOpenStatic.com/cs/blogs/ken
>
>
> "Lars Bonnesen" <none@none.æøå> wrote in message
> news:%23rTFqDLXGHA.4620@TK2MSFTNGP04.phx.gbl...
> :I have set up a website with SSL on machine "A" and requested a
> : certificate - Installed Stand alone CA on machine "B" and invoked the
> : certifikate on this and imorted that to machina "A".
> :
> : It works, but clients cannot accept the certificate. They get a "Windows
> : does not have enough information to verify this certificate" and
> therefore
> : they allways get the annoying window where they are promted for "yes"
> : because the certificate is not trusted.
> :
> : How to trust a self signed cert?
> :
> : Regards, Lars.
> :
> :
>
>

11 Apr 2006 2:52 AM

David Wang [Msft]

On every client, you must import the self signed cert into its trusted root.

Blog entry describing how this all works. Read the comments, too.

http://blogs.msdn.com/david.wang/archive/2005/08/02/Free_SSL_on_IIS.aspx

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

Show quoteHide quote

"Lars Bonnesen" <none@none.æøå> wrote in message
news:%23rTFqDLXGHA.4620@TK2MSFTNGP04.phx.gbl...
>I have set up a website with SSL on machine "A" and requested a
>certificate - Installed Stand alone CA on machine "B" and invoked the
>certifikate on this and imorted that to machina "A".
>
> It works, but clients cannot accept the certificate. They get a "Windows
> does not have enough information to verify this certificate" and therefore
> they allways get the annoying window where they are promted for "yes"
> because the certificate is not trusted.
>
> How to trust a self signed cert?
>
> Regards, Lars.
>