Forum Discussion
How do i get Edge to trust our internal Certificate Authority
v-gapart Yes, On the latest version im still having every single cert signed by our internal CA marked as invalid by edge
When i click on the button there it brings up the Windows Certificate Dialog which shows the certificate is fine
Nothing crazy with the cert either its a Windows CA issued cert
v3 Template
sha512RSA
sha512
RSA 4096
Looks fine in internet explorer.
MicrosoftRaymond Preston in my experience the issue was due to the certificate not containing a Subject Alternative Name.
DNS=MS02-2022.contoso-2022.com
i had the same problem with edge and chrome but not internet explorer .
here what i did to solve it :
1) On the destination server that need the certificate , launch mmc
2) add certificate => loalhost
3) Create custom Request => Proceed without enrollment policy => No template & PKCS#10
General Tab:
4) Frindly name : certificateWebServer
full : Common Name( "FDQN") ,email, country, Locality,Organization, Organization unit
5) in alternatif name , chose DNS and enter the same as Common Name( "FDQN")
6) in Extension tab => Key usage :
CRL Signing,Data enciperment,Decipher only,Digital signature, Encipher only
in Extension tab => Extended Key usage :
server authentificcation
clientauthentificcation
In private Key :
4096 and activate "Make private key exportable"
7) go on your PKI server (eg: http://myPki.lan/certsrv ) paste the request
😎 dowload .cer and install it.
test 🙂
