Re: How to install website certificate as Trusted?

From: Tony Su (anonymous_at_discussions.microsoft.com)
Date: 06/20/04


Date: Sun, 20 Jun 2004 14:08:16 -0700

Yes,
I agree and now I think you're beginning to follow me...

If a machine isn't pre-configured to trust the issueing CA
of a website, then is there any way to configure trusting
that particular website without going to the root CA to
configure trusting the root CA?

It seems to me illogical that there should be a button to
enable installing the website certificate if it isn't
sufficient, you have to trust the issueing CA <instead>.

Summary:
Webserver secured with cert from untrusted CA
- Installing the cert from the website on the client is
insufficient, no change
- Installing the public cert from the untrusted CA enables
the CA to be trusted and all certs that CA has issued.
- If the client machine is added to the Windows Domain of
a CA, then that CA will be considered trusted as well.

Thanks for your time,
Tony Su

>-----Original Message-----
>Hi
>
>: If I attempt to over-ride and place the website
>: certificate in the Trusted Publishers store, it doesn't
>: show up.
>
>which certificate are you attempting to place where? You
don't want to be
>placing the website's server certificate into the store.
You want to place
>the Certificate Authority's (CAs) root certificate into
the store...
>
>Cheers
>Ken
>
>
>"Tony Su" <anonymous@discussions.microsoft.com> wrote in
message
>news:1d6a201c453e0$d33aead0$a101280a@phx.gbl...
>: Thanks for replying Ken,
>: But that is exactly what I mean... what you describe
>: doesn't work on any website I've done that on.
>:
>: Choosing to allow the installer to choose the store, I
can
>: see the certificate appear in the "Intermediate
>: Certification Authorities," but I don't see why that
>: should be appropriate... because there is no Trusted
>: Publisher installed yet that would be able to
>: authenticated an Intermediate. And, therefor of course
>: authentication will still fail.
>:
>: If I attempt to over-ride and place the website
>: certificate in the Trusted Publishers store, it doesn't
>: show up.
>:
>: Thoughts?
>: Or, am I looking at this wrong?
>:
>: TIA,
>:
>: Tony Su
>:
>:
>:
>: >-----Original Message-----
>: >When you view the certificate details, you don't import
>: the server
>: >certificate.
>: >You need to view the details of the CA's root
>: certificate, and then import
>: >that into the certificate store.
>: >
>: >You can see the CA's cert in the Certificate Heirachy
tab
>: (in Internet
>: >Explorer)
>: >
>: >Cheers
>: >Ken
>: >
>: >"Tony Su" <anonymous@discussions.microsoft.com> wrote
in
>: message
>: >news:1c35301c45226$e9313e90$a401280a@phx.gbl...
>: >: Specifically I'm referring to SBS2K3, but should
>: probably
>: >: be applicable to any other situation where a website
is
>: >: secured with a Makecert or is issued by a CA not
already
>: >: trusted.
>: >:
>: >: When a User views the suspect certificate, clicks
>: on "View
>: >: Certificate" and "Install Certificate," whether the
>: >: certificate is installed in default stores or any
>: >: specified store this has no effect... The next time
the
>: >: User views the website, the User will still be
prompted
>: >: because the website certificate still is not trusted.
>: >:
>: >: The only way I've been able to resolve this are two
>: ways...
>: >: - If the certificate is issued by my Domain CA, then
I
>: can
>: >: make the machine a member of my Domain.
>: >: - If the certificate is issued by a CA, I can export
the
>: >: CA's public certificate and install it into the
Client
>: as
>: >: a trusted CA.
>: >:
>: >: So far, I have not found an easy and direct way for
the
>: >: client to install the certificate from the website.
>: >:
>: >: Any thoughts?
>: >: TIA,
>: >:
>: >: Tony Su
>: >
>: >
>: >.
>: >
>
>
>.
>



Relevant Pages

  • Re: SSL Help
    ... You need to have a SSL certificate on your default website in IIS and this ... We kept getting Internet_29 error when connecting to the default website to ... > problem was actually installing the wrong certificate. ...
    (microsoft.public.inetserver.iis.security)
  • Re: How to install website certificate as Trusted?
    ... You need to read up on Certificate trust heirachy. ... Intermediate Certificate) in your trusted cert store, ... of a website, then is there any way to configure trusting ... - Installing the cert from the website on the client is ...
    (microsoft.public.inetserver.iis.security)
  • Re: Installing Certificates . Why?? help please
    ... if the certificate is issued by ... the website themselves then be very sure before installing. ... certificate I decide to trust or one issued by a known and trusted authority ...
    (alt.computer.security)
  • Name on Security Certificate is invalid
    ... installing the wrong certificate for the particular ... >We have an IIS 5.0 server set up with two website that ... The first site ...
    (microsoft.public.inetserver.iis.security)
  • Re: Checkpoint smart defance as IPS
    ... on-the-fly for any website. ... the browser trusts all certificate authorities ... *any* SSL/TLS communication without tampering anything on the client ... website a client visits on-the-fly. ...
    (Security-Basics)