|
Posted by Lanwench [MVP - Exchange] on March 24, 2007, 4:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options > I suspect that it's a cost thing, although I suspect the budget
> should run to a 'proper' certificate. I'll have another word with the
> IT people about it as it obviously affects all who try to use our
> school 'remote network' facility and getting it sorted would be a
> 'good thing'.
> In the mean time, is what I am after possible? and if so, how can I
> do it?
>
I haven't tried this, as I am not yet using Vista *or* IE7....but check out
http://msmvps.com/blogs/spywaresucks/archive/2006/01/31/82198.aspx
> Regards Trevor
>
> "Lanwench [MVP - Exchange]" wrote:
>
>>> PS the site that I am trying to trust is
>>> https://24hrschool.bexhillhigh.e-sussex.sch.uk/
>>
>> Looks like they created their own SSL certificate (for free). If
>> they were to instead purchase a third party SSL certificate from one
>> of the root / trusted providers, it's highly unlikely that anyone
>> would be getting this message.
>>
>> Although I have the utmost respect for Mr. Pidgorny, I can't agree
>> with the blanket statement that "...the IT people are very
>> unprofessional" with so little background knowlege. To give them
>> the benefit of the doubt, perhaps they've been given a shoestring
>> budget and/or have technologically-challenged management to deal
>> with - either might explain why they went with the "roll your own"
>> route.
>>
>> The fact that you're using Vista/IE7 means that your computer is
>> going to complain a lot more about this than one running IE6, in
>> which case it's simple to click & install *once* so one is never
>> bothered again.
>>
>> However, it's true that for anything other than a small/home office,
>> it's better not to use a a self-signed cert. Verisign, Thawte,
>> Geotrust, are some of the big names - Godaddy is a smaller vendor
>> that may work for most people/devices/computers.
>>
>>
>>>
>>> Trevor
>>>
>>> "TrevorJ" wrote:
>>>
>>>> Thanks to you both for the info. Unfortunately, I'm not too much up
>>>> in this certificate thing and wonder if one of you could help me
>>>> further, as I don't fully understand what exactly I have to do. If
>>>> You can help me on this one, I'll write a little 'how to do it' and
>>>> give the instructions to any one else that's P'd off about it.
>>>> If it makes any difference, I am running XP Pro SP2 on my tower and
>>>> Vista Home Premium on my laptop, both with IE7. All patches up to
>>>> date. @Paul.
>>>> I like your sig block sentiments, but I suspect that quite a few
>>>> arguments an flaming incidents have been prevented by their use :-)
>>>> Trevor
>>>>
>>>>
>>>>
>>>> "S. Pidgorny <MVP>" wrote:
>>>>
>>>>> You can extract the root by analysing the certificate properties
>>>>> and add it to the trusted root store...
>>>>>
>>>>> The IT people are very unprofessional. It's one click too much.
>>>>>
>>>>> --
>>>>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>>>>> -= F1 is the key =-
>>>>>
>>>>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>>>>
>>>>>
>>>>>> Thanks for the reply.
>>>>>> I have tried talking to our IT people, but their response is
>>>>>> 'It's only one
>>>>>> more click'. I (temporarily) tried unchecking the IE Warn
>>>>>> about.... but that
>>>>>> didn't solve the problem.
>>>>>> You would have thought that you could 'import' a certificate
>>>>>> from a trusted
>>>>>> site, even if it was not strictly valid.
>>>>>> Thanks again, I suppose that I will have to put up with the extra
>>>>>> click.
>>>>>>
>>>>>> Trevor
>>>>>>
>>>>>>
>>>>>> "S. Pidgorny <MVP>" wrote:
>>>>>>
>>>>>>> In IE security options, there's one which is to "Warn about
>>>>>>> invalid site certificates". You cannot disable the warning for a
>>>>>>> single site though.
>>>>>>>
>>>>>>> I suggest looking into the root issue and making the root which
>>>>>>> is always used by your infrastructure trusted. Make sure you
>>>>>>> know why exactly you get
>>>>>>> the warning.
>>>>>>>
>>>>>>> --
>>>>>>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>>>>>>> -= F1 is the key =-
>>>>>>>
>>>>>>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>>>>>>
>>>>>>>> I work for a school which has internet access to the school
>>>>>>>> network via a
>>>>>>>> https address. When connecting IE produces the following
>>>>>>>> message: "The security certificate presented by this website
>>>>>>>> was not issued by a trusted
>>>>>>>> certificate authority." Although the certificate cannot be
>>>>>>>> traced back, I
>>>>>>>> would like to avoid this message every time I log on. I have
>>>>>>>> tried importing
>>>>>>>> the certificate and placing he site into my 'trusted sites'
>>>>>>>> area, but to
>>>>>>>> no
>>>>>>>> avail. Is there a way of achieving what I want to do?
>>>>>>>> TIA. Trevor
| 
XML site map