我们在内部网中使用自签名证书。我需要做什么才能让ie8接受它们而不向用户显示错误消息?我们为ie7所做的工作显然不起作用。

编辑:如果我将证书放入受信任的根证书颁发机构,Internet Explorer 7将不会显示任何错误。即使有证书,ie8似乎也会显示错误。


当前回答

如果您正在进行一些本地测试,并且您在主机文件中添加了一些别名

127.0.0.1 www.mysite.com

并尝试使用上述任何程序,你将失败。原因是您将为localhost导入一个证书。证书URL不匹配。

在这种情况下,您必须生成一个自签名证书,然后按照上面所述导入它。

如果您正在使用Xampp,则可以轻松地生成正确的证书 c: \ xampp \ apache \ makecert.bat

其他回答

如何安装CA根证书,而不是网站证书:(IE8, Win7)

When you bring up the certificate details you are looking at the website cert, and not the CA cert. The General tab will say, "This certificate cannot be verified..." You need to select the CA by clicking on the Certification Path tab, and selecting the top most cert in the path. It should have a red X icon, and should say, "This CA Root certificate is not trusted because..." Click the View Certificate button, and on this new General tab you should see, "This CA Root is not trusted..." This is the certificate that you want to import into the Trusted Root Certificate Authority.

一旦您导入了CA,您就不需要再导入常规的网站证书,该证书将与您刚刚导入的CA匹配,IE会将一切视为正常工作。您不需要以管理员身份运行IE,也不需要先将站点添加到可信站点。导入完成后需要重新启动IE。

如果你得到一个地址不匹配错误,只允许地址不匹配:

工具,选择“Internet选项” 选择Advanced选项卡 向下滚动屏幕,取消勾选“对证书地址不匹配发出警告”

看起来不可能不再出现证书错误了。我用的是Windows XP和IE 8。组策略已将自签名证书安装为访问内部站点的受信任根证书。当我用证书管理单元查看MMC时,我可以看到那里的证书。

当我看到:

Internet选项=>内容=>证书

它不在那儿!

IE中的这种行为始于我们的管理员在2009年12月10日安装在我机器上的最后一批补丁星期二更新。在此之前,它很乐意接受该证书是有效的。

您应该将证书作为受信任的权威安装在计算机上。

有许多方法可以做到这一点,例如,您可以使用mmc (start/run/mmc),添加证书管理单元,然后从那里安装自签名证书。

这是没有办法的,因为证书的全部意义是警告用户,如果他正在访问的网站没有经过可信的权威机构的认证。

下面是我如何让它在IE8中工作的:

Go to the website in question, https://xxx.yyy.com, for instance, Click through until you get to the Certificate error in the browser status line. View the cert, then from the Details tab, select Copy to File. Save to the desktop as xxx.cer, for example, Start, Run, MMC. File, Add/Remove Snap-In, Select Certificates, Click Add, My User Account, then Finish, then OK, Dig down to Trust Root Certification Authorities, Certificates, Right-Click Certificate, Select All Tasks, Import, Select the Save Cert from the Desktop Select Place all Certificates in the following Store, Click Browse, Check the Box that says Show Physical Stores, Expand out Trusted Root Certification Authorities, and select Local Computer there, click OK, Complete the Import, Check the list to make sure it shows up. You will probably need to Refresh before you see it. Exit MMC, Open Browser, select Tools, Delete Browsing History Select all but Inprivate Filtering Data, complete, Go to Internet Options, Content Tab, Clear SSL State, Close browser and reopen and test.