您可以使用GPO在域内使用证书。

但我的问题是Internet Explorer 8，即使证书在受信任的根证书存储中…它仍然不会说它是一个可信的网站。

有了这个和司机的签字，现在需要完成…我开始怀疑谁拥有我的电脑了!

下面是我如何让它在IE8中工作的:

Go to the website in question, https://xxx.yyy.com, for instance, Click through until you get to the Certificate error in the browser status line. View the cert, then from the Details tab, select Copy to File. Save to the desktop as xxx.cer, for example, Start, Run, MMC. File, Add/Remove Snap-In, Select Certificates, Click Add, My User Account, then Finish, then OK, Dig down to Trust Root Certification Authorities, Certificates, Right-Click Certificate, Select All Tasks, Import, Select the Save Cert from the Desktop Select Place all Certificates in the following Store, Click Browse, Check the Box that says Show Physical Stores, Expand out Trusted Root Certification Authorities, and select Local Computer there, click OK, Complete the Import, Check the list to make sure it shows up. You will probably need to Refresh before you see it. Exit MMC, Open Browser, select Tools, Delete Browsing History Select all but Inprivate Filtering Data, complete, Go to Internet Options, Content Tab, Clear SSL State, Close browser and reopen and test.

我让它这样工作

Start Internet Explorer running as a user with administrative privileges. Browse to server computer using the computer name (ignore certificate warnings) Click the ”Certificate Error” text in the top of the screen and select ”View certificates” In the Certificate dialog, click Install Certificate -> Next Select Place all certificates in the following store -> Browse Check Show Physical Stores check box Select Trusted Root Certificate Authorities – Local Computer Click OK – Next – Finish – OK Restart Internet Explorer

如何安装CA根证书，而不是网站证书:(IE8, Win7)

When you bring up the certificate details you are looking at the website cert, and not the CA cert. The General tab will say, "This certificate cannot be verified..." You need to select the CA by clicking on the Certification Path tab, and selecting the top most cert in the path. It should have a red X icon, and should say, "This CA Root certificate is not trusted because..." Click the View Certificate button, and on this new General tab you should see, "This CA Root is not trusted..." This is the certificate that you want to import into the Trusted Root Certificate Authority.

一旦您导入了CA，您就不需要再导入常规的网站证书，该证书将与您刚刚导入的CA匹配，IE会将一切视为正常工作。您不需要以管理员身份运行IE，也不需要先将站点添加到可信站点。导入完成后需要重新启动IE。

安装证书本身是不够的，相反，您需要安装证书颁发机构的根证书。假设如果您使用Win Server的证书服务，那么它的根证书是在该服务器上安装CS时创建的，将被安装。它必须安装到前面描述的“受信任的根证书颁发机构”。

您需要确保自签名证书为您正在设置的域使用正确的通用名称。如果您要为多个域使用相同的证书，则需要为每个域拥有唯一的证书，或者如果您的所有ssl站点都是一个公共域的子域，则可以生成具有*.domainname.tld等通配符域的证书。

如果您没有在自签名证书中正确设置您的常用名称，那么Chrome和Firefox可能可以工作，但IE可能在每次加载站点时都无法找到该证书。在IE中，它看起来就像你已经添加了网站的证书，但实际上在页面加载时，它永远不会被找到。

如何为Mac Apache设置SSL，以便我可以在IE8上测试跨域iFrame