Forum Discussion
How do I get Edge to trust our internal Certificate Authority?
Is there any way to get Edge to stop flagging our internal certs as non-trusted? Pkiview.msc shows that there are no problems with the CA; Windows shows the cert is trusted.
Yet Edge marks it as invalid. If the cert is verified up to a trusted root CA, it should be valid in Edge just like it is in Internet Explorer.
- v-gapart (Microsoft)
- Raymond Preston (Copper Contributor)
v-gapart Yes, on the latest version I'm still having every single cert signed by our internal CA marked as invalid by Edge.
When I click on the button there, it brings up the Windows Certificate Dialog, which shows the certificate is fine.
Nothing crazy with the cert either; it's a Windows CA issued cert:
v3 Template
sha512RSA
sha512
RSA 4096
Looks fine in Internet Explorer.
- BalazsBerczi (Copper Contributor)
Did you resolve this issue?
I also have an internal PKI and internal websites. All internal sites showed UNSAFE.
Do you maybe have any resolution for this?
Thanks
Regs
Balazs
- haitsong (Microsoft)
I think it would be nice to have a list of URLs that can ignore the certificate trust check.
- Nawar-AlMallouhi (Copper Contributor)
Hey Raymond,
Any chance you got a fix for this?
- GotToBeStrong (Copper Contributor)
Bump: 2021 now and still no resolution? I've recently run into this deploying an internal ERP solution's web front-end. The solution is designed only to work in Edge, but Edge won't trust our internal domain CA certs no matter what I do. I even spent the last week upgrading PKI signing hash algorithms to make sure we were within current standards (even though the offline root CA in a multi-tier infrastructure shouldn't matter). The solution won't be public facing, so purchasing a public cert seems pointless and a waste for this essentially cosmetic warning.
Looked at this every which way, and while I can get Edge to give me different errors depending on how I construct the URL to request our ERP's web page, the overarching end result is Edge simply doesn't seem to like internal Domain CA certs.
- cable1406 (Copper Contributor)
I've found this issue to happen if the Root Certificate or a Certificate in the Path of the WebServer Certificate has a length of less than 4096 bits, as that is a requirement of Edge:
https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-certificate-requirements#certificate-algorithms