Re: Trusting Certs from Non Trusted root

I suspect that it's a cost thing, although I suspect the budget should run to
a 'proper' certificate. I'll have another word with the IT people about it as
it obviously affects all who try to use our school 'remote network' facility
and getting it sorted would be a 'good thing'.
In the mean time, is what I am after possible? and if so, how can I do it?

Regards Trevor

"Lanwench [MVP - Exchange]" wrote:

TrevorJ <TrevorJ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
PS the site that I am trying to trust is
https://24hrschool.bexhillhigh.e-sussex.sch.uk/

Looks like they created their own SSL certificate (for free). If they were
to instead purchase a third party SSL certificate from one of the root /
trusted providers, it's highly unlikely that anyone would be getting this
message.

Although I have the utmost respect for Mr. Pidgorny, I can't agree with the
blanket statement that "...the IT people are very unprofessional" with so
little background knowlege. To give them the benefit of the doubt, perhaps
they've been given a shoestring budget and/or have
technologically-challenged management to deal with - either might explain
why they went with the "roll your own" route.

The fact that you're using Vista/IE7 means that your computer is going to
complain a lot more about this than one running IE6, in which case it's
simple to click & install *once* so one is never bothered again.

However, it's true that for anything other than a small/home office, it's
better not to use a a self-signed cert. Verisign, Thawte, Geotrust, are
some of the big names - Godaddy is a smaller vendor that may work for most
people/devices/computers.



Trevor

"TrevorJ" wrote:

Thanks to you both for the info. Unfortunately, I'm not too much up
in this certificate thing and wonder if one of you could help me
further, as I don't fully understand what exactly I have to do. If
You can help me on this one, I'll write a little 'how to do it' and
give the instructions to any one else that's P'd off about it.
If it makes any difference, I am running XP Pro SP2 on my tower and
Vista Home Premium on my laptop, both with IE7. All patches up to
date. @Paul.
I like your sig block sentiments, but I suspect that quite a few
arguments an flaming incidents have been prevented by their use :-)
Trevor



"S. Pidgorny <MVP>" wrote:

You can extract the root by analysing the certificate properties
and add it to the trusted root store...

The IT people are very unprofessional. It's one click too much.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


"TrevorJ" <TrevorJ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E0796974-E658-4E08-9962-B1AF529DBC19@xxxxxxxxxxxxxxxx
Thanks for the reply.
I have tried talking to our IT people, but their response is 'It's
only one
more click'. I (temporarily) tried unchecking the IE Warn
about.... but that
didn't solve the problem.
You would have thought that you could 'import' a certificate from a
trusted
site, even if it was not strictly valid.
Thanks again, I suppose that I will have to put up with the extra
click.

Trevor


"S. Pidgorny <MVP>" wrote:

In IE security options, there's one which is to "Warn about
invalid site certificates". You cannot disable the warning for a
single site though.

I suggest looking into the root issue and making the root which
is always used by your infrastructure trusted. Make sure you know
why exactly you get
the warning.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"TrevorJ" <TrevorJ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BAB98587-F964-4D2F-B53A-5301B017E6E9@xxxxxxxxxxxxxxxx
I work for a school which has internet access to the school
network via a
https address. When connecting IE produces the following
message: "The security certificate presented by this website was
not issued by a trusted
certificate authority." Although the certificate cannot be
traced back, I
would like to avoid this message every time I log on. I have
tried importing
the certificate and placing he site into my 'trusted sites'
area, but to
no
avail. Is there a way of achieving what I want to do?
TIA. Trevor




.

Relevant Pages

  • Re: Classes or Self Study???
    ... big bux as soon as you get your certificate? ... The salesman tells me I should complete all ... but I suspect it's not what you wanted to hear. ...
    (microsoft.public.cert.exam.mcse)
  • RE: Certificate wizard apparently not available now - server 2003
    ... I suspect you can get your money refunded. ... a-chaun@microsoftNOSPAM.com and I can review it and perhaps see what I can ... You should be able to renew the certificate from the IIS console. ...
    (microsoft.public.inetserver.iis.security)
  • Re: How to fix broken security in Windows 2000?
    ... > certificate, anything that was signed with that certificate prior to the ... > expiration date needs that trusted root certificate to be validated. ... I very strongly suspect that what happened is that I deleted a ... > Diagnostic steps to identify the missing certificate or even the affected ...
    (microsoft.public.windowsupdate)
  • Re: How to fix broken security in Windows 2000?
    ... > certificate, anything that was signed with that certificate prior to the ... > expiration date needs that trusted root certificate to be validated. ... I very strongly suspect that what happened is that I deleted a ... > Diagnostic steps to identify the missing certificate or even the affected ...
    (microsoft.public.security)
  • Re: How to fix broken security in Windows 2000?
    ... > certificate, anything that was signed with that certificate prior to the ... > expiration date needs that trusted root certificate to be validated. ... I very strongly suspect that what happened is that I deleted a ... > Diagnostic steps to identify the missing certificate or even the affected ...
    (microsoft.public.win2000.security)