我们在内部网中使用自签名证书。我需要做什么才能让ie8接受它们而不向用户显示错误消息?我们为ie7所做的工作显然不起作用。

编辑:如果我将证书放入受信任的根证书颁发机构,Internet Explorer 7将不会显示任何错误。即使有证书,ie8似乎也会显示错误。


当前回答

伙计,今天我花了几个小时来解决这个问题。无论我在IE 8中做了什么,问题仍然存在。IE安装的证书出现在客户端PC的“受信任的根证书颁发机构”中,但IE仍然报错。

以下是我发现的解决方案:

在web服务器上:

Win+R, MMC,回车。 文件,添加-删除管理单元,证书,添加,管理证书:我的用户帐户, 完成。 导航到“证书-当前用户/受信任的根证书颁发机构/证书”。 找到您的证书,右键单击All tasks / Export。 不,不要导出私钥 "DER编码二进制X.509 (.CER)" 将文件保存在某个地方。 将新创建的. cer文件传输到客户端PC上。

在客户端机器上:

Win+R, MMC, Enter. File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account, Finish, OK. Navigate to "Certificates - current user / Trusted Root Certification Authorities / Certificates". Right-click on Certificates container, All tasks / Import Choose your .CER file you've transferred from the server machine. On the next screen, choose "Place all certificates in the following store", click "Browse", check "Show physical stores", then choose "Trusted Root Certification Authorities / Local Computer". Press "Finish" finally. In Internet Explorer: Tools - Delete browsing History, In Internet Explorer: Tools - Internet options - "Content" tab - Clear SSL state button.

其他回答

如果你得到一个地址不匹配错误,只允许地址不匹配:

工具,选择“Internet选项” 选择Advanced选项卡 向下滚动屏幕,取消勾选“对证书地址不匹配发出警告”

下面是我如何让它在IE8中工作的:

Go to the website in question, https://xxx.yyy.com, for instance, Click through until you get to the Certificate error in the browser status line. View the cert, then from the Details tab, select Copy to File. Save to the desktop as xxx.cer, for example, Start, Run, MMC. File, Add/Remove Snap-In, Select Certificates, Click Add, My User Account, then Finish, then OK, Dig down to Trust Root Certification Authorities, Certificates, Right-Click Certificate, Select All Tasks, Import, Select the Save Cert from the Desktop Select Place all Certificates in the following Store, Click Browse, Check the Box that says Show Physical Stores, Expand out Trusted Root Certification Authorities, and select Local Computer there, click OK, Complete the Import, Check the list to make sure it shows up. You will probably need to Refresh before you see it. Exit MMC, Open Browser, select Tools, Delete Browsing History Select all but Inprivate Filtering Data, complete, Go to Internet Options, Content Tab, Clear SSL State, Close browser and reopen and test.

我尝试了上面提到的所有解决方案,但没有一个奏效。使用Internet Explorer 11(11.0.9600.17914),无法接受无效证书,因为错误看起来完全像404。

有帮助的是以下几点: -添加主机到可信站点(在这里提到过几次) —禁用TLS 1.2,启用SSL 1.0和SSL 2.0

最后一步是你只有在知道自己在做什么的时候才应该做的事情。我们需要在工作中使用一个非常奇怪的设置,因此我们无法找到其他访问系统的方法。通常,不应该像这样降低安全性。

安装证书本身是不够的,相反,您需要安装证书颁发机构的根证书。假设如果您使用Win Server的证书服务,那么它的根证书是在该服务器上安装CS时创建的,将被安装。它必须安装到前面描述的“受信任的根证书颁发机构”。

如何在20个恼人的步骤中让IE8信任自签名证书

Browse to the site whose certificate you want to trust. When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).” Select Tools➞Internet Options. Select Security➞Trusted sites➞Sites. Confirm the URL matches, and click “Add” then “Close”. Close the “Internet Options” dialog box with either “OK” or “Cancel”. Refresh the current page. When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).” Click on “Certificate Error” at the right of the address bar and select “View certificates”. Click on “Install Certificate...”, then in the wizard, click “Next”. On the next page select “Place all certificates in the following store”. Click “Browse”, select “Trusted Root Certification Authorities”, and click “OK”. Back in the wizard, click “Next”, then “Finish”. If you get a “Security Warning” message box, click “Yes”. Dismiss the message box with “OK”. Select Tools➞Internet Options. Select Security➞Trusted sites➞Sites. Select the URL you just added, click “Remove”, then “Close”. Now shut down all running instances of IE, and start up IE again. The site’s certificate should now be trusted.