How to Turn Off Website Security Certificate Warning
- Home
- Windows
- General Windows
You guys all know this wonderful error message that IE seems to generate on like 75% of all secure websites. How do I disable it for one specific site? The site is in my list of trusted sites. I turned off the advanced setting "warn about certificate address mismatch". I clicked "continue" on the error page, then viewed the certificate and imported it, but this did not make the message go away.
This is more than an annoyance, I think it's interfering with an automatic upload I'm trying to perform, which is generating a "SSL handshake failure" error...
This is on IE8 on an old Vista box. Yeah, I know.
Help! Please and thank you :)
Import the root cert that issued the certificate - not sure you can actually disable the warning.
22 Replies
Import the root cert that issued the certificate - not sure you can actually disable the warning.
CedarsHost is an IT service provider.
hutchingsp wrote:
Import the root cert that issued the certificate - not sure you can actually disable the warning.
You cannot and nor should you be able to. The warning is there for a reason, it's stating that the cert isn't a trusted cert which means that it's possible that it is being spoofed.
If this is a self-signed cert then the normal fix is to make the root cert part of the trusted set via a GPO.
Nazih Haddad wrote:
Use firefox
Firefox will also and correctly display a warning.
I did in fact need to import the root cert. I knew it was not a spoofed cert because this is for a MASSIVE and incredibly secure company. Thanks guys!
Jon L wrote:
I did in fact need to import the root cert. I knew it was not a spoofed cert because this is for a MASSIVE and incredibly secure company. Thanks guys!
Who won't spend $10 on an SSL cert? :-)
CedarsHost is an IT service provider.
@garry,
No it will not display any warning. Just once and for all.
once u add an exception for it it will never display the warning
Jon L wrote:
I did in fact need to import the root cert. I knew it was not a spoofed cert because this is for a MASSIVE and incredibly secure company. Thanks guys!
Just because they are massive doesn't mean that someone hasn't dropped a dodgy cert in there. They are also not secure because as has been pointed out, they have used a self signed cert without distributing the root cert. not good at all.
Nazih Haddad wrote:
@garry,
No it will not display any warning. Just once and for all.
once u add an exception for it it will never display the warning
Which is a very bad security practice. It teaches people to ignore what could be genuine cert alerts for sites.
Inlet Technologies Limited is an IT service provider.
Whose selling SSL certs for $10?hutchingsp wrote:
Jon L wrote:
I did in fact need to import the root cert. I knew it was not a spoofed cert because this is for a MASSIVE and incredibly secure company. Thanks guys!
Who won't spend $10 on an SSL cert? :-)
Jon L wrote:
I did in fact need to import the root cert. I knew it was not a spoofed cert because this is for a MASSIVE and incredibly secure company. Thanks guys!
I think you missed the point. The legit company wouldn't be using a spoofed cert, a hacker pretending to be that company would be the one presenting a spoofed cert. This is how SSL man in the middle attacks work. This is also why it's a bad idea to disable those warnings. That warning is the only thing preventing a MITM attack from being successful.
Among others, Namecheap https://www.namecheap.com/security/ssl-certificates/domain-validation.aspxTomwebbnz wrote:
Whose selling SSL certs for $10?
Well, OK, they start at $9/year for Comodo domain validated certs.
Gary D Williams wrote:
Jon L wrote:
I did in fact need to import the root cert. I knew it was not a spoofed cert because this is for a MASSIVE and incredibly secure company. Thanks guys!
Just because they are massive doesn't mean that someone hasn't dropped a dodgy cert in there. They are also not secure because as has been pointed out, they have used a self signed cert without distributing the root cert. not good at all.
Could just be out of date root SSL certs on the client. Root certs get updated/revoked/added every once in a while and get distributed via updates. I've seen this a bunch of times on old XP computers where users would start getting SSL errors and needed the root certs updated. For some reason, the root cert updates are under the optional windows updates.
Inlet Technologies Limited is an IT service provider.
Thanks Joe. Useful info and link. We paid to much in the past :) Damn it!JoeMatuscak wrote:
Among others, Namecheap https://www.namecheap.com/security/ssl-certificates/domain-validation.aspxTomwebbnz wrote:
Whose selling SSL certs for $10?
Well, OK, they start at $9/year for Comodo domain validated certs.
RapidSSL from Namecheap - saved my ass with Heartbleed.
I'd be curious to know which "HUGE" site this is and also who the root CA is.
Nicholas9783 wrote:
I'd be curious to know which "HUGE" site this is and also who the root CA is.
It's a subsidiary of Eascorp.http://www.vertifi.com/
Click "login" to see the warning. Note however that even if you get the warning and click "continue", you don't actually get anywhere unless you have a personal certificate installed, which needs to be generated by an admin within the Eascorp system. It's a tightly locked-down system... I don't think the certificate warning has anything to do with negligence on their end, but I could be wrong.
Looking at that, I take back what I said, if they're doing client certificate authentication they will be using their own PKI so it makes sense that you'd get the warning.
hutchingsp wrote:
Looking at that, I take back what I said, if they're doing client certificate authentication they will be using their own PKI so it makes sense that you'd get the warning.
ahhh, that makes a lot more sense. You have to have their cert so it can do a cert matching process. If you have their cert then you are allowed in.
Right, that makes sense and certainly explains the error.
It is a self signed cert not from a trusted root authority. I guess you can get their internal root CA assuming there is one, who knows what their PKI is. Otherwise you are going to get this warning forever. I would say they are cutting corners and I would complain to vertifi.
Check the time/date settings. If they are out of sync you'll get this a lot.
Just sayin.....
This topic has been locked by an administrator and is no longer open for commenting.
To continue this discussion, please ask a new question.
How to Turn Off Website Security Certificate Warning
Source: https://community.spiceworks.com/topic/479582-disable-certificate-warning-for-a-website