Forum Discussion
How do I get Edge to trust our internal Certificate Authority
- Raymond Preston, Aug 28, 2019, Copper Contributor
v-gapart Yes, on the latest version I'm still having every single cert signed by our internal CA marked as invalid by Edge.
When I click on the button there it brings up the Windows Certificate Dialog, which shows the certificate is fine.
Nothing crazy with the cert either; it's a Windows CA issued cert:
v3 Template
sha512RSA
sha512
RSA 4096
Looks fine in Internet Explorer.
- BlakeDrumm, Mar 28, 2023, Microsoft
Raymond Preston in my experience the issue was due to the certificate not containing a Subject Alternative Name.
DNS=MS02-2022.contoso-2022.com
- naseeb18, Apr 11, 2023, Copper Contributor
I had the same problem with Edge and Chrome but not Internet Explorer.
Here is what I did to solve it:
1) On the destination server that needs the certificate, launch mmc
2) add certificate => localhost
3) Create custom Request => Proceed without enrollment policy => No template & PKCS#10
General Tab:
4) Friendly name: certificateWebServer
full: Common Name ("FQDN"), email, country, Locality, Organization, Organization unit
5) in alternative name, choose DNS and enter the same as Common Name ("FQDN")
6) in Extension tab => Key usage:
CRL Signing, Data encipherment, Decipher only, Digital signature, Encipher only
in Extension tab => Extended Key usage:
server authentication
client authentication
In private Key:
4096 and activate "Make private key exportable"
7) go on your PKI server (e.g. http://myPki.lan/certsrv), paste the request
8) download .cer and install it.
test 🙂
- BalazsBerczi, Sep 15, 2020, Copper Contributor
Did you resolve this issue?
I also have an internal PKI and internal websites. All internal sites showed UNSAFE.
Do you maybe have any resolution for this?
Thanks
Regs
Balazs
- Naomarn22, Nov 12, 2023, Copper Contributor
BalazsBerczi For anyone running across this, I found the solution after a lot of searching and testing. You have to generate the CSR from MMC Certificates. Open advanced operations and then, in the top section, select CN and the value of your FQDN. In the bottom section, select DNS and use the FQDN again. Then just request your web server certificate how you normally do. To check, open the cert and go to Details, scroll down and you should see Subject Alternative Names has the DNS name. Make sure you restart IIS after you update it on your server.
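
The manual check described in the replies above (open the certificate and look for a DNS entry under Subject Alternative Name), scripted over the local machine store. This is an added example, not code from any poster in the thread; the function name `Test-CertificateSan` is hypothetical, and the parsing of the `DNS Name=` label assumes an English-locale Windows.

```powershell
# Added example: flag certificates that have no DNS entry in the
# Subject Alternative Name (SAN) extension, the condition the thread identifies.
# Test-CertificateSan is a hypothetical helper name.
function Test-CertificateSan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Common Name (CN) taken from the certificate subject
        $cn = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        # OID 2.5.29.17 identifies the Subject Alternative Name extension
        $sanExt = $Certificate.Extensions |
            Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
            Select-Object -First 1

        $dnsNames = @()
        if ($sanExt) {
            # Format($true) prints one entry per line, e.g. "DNS Name=web01.contoso.com".
            # Assumption: English-locale Windows; the "DNS Name" label is localized.
            $dnsNames = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
                if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
            })
        }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            HasDnsSan  = ($dnsNames.Count -gt 0)
            CnInSan    = ($dnsNames -contains $cn)   # exact match only, wildcards not expanded
            DnsNames   = $dnsNames -join ', '
        }
    }
}

# Usage: list certificates in the local machine store that lack a DNS SAN
Get-ChildItem Cert:\LocalMachine\My |
    Test-CertificateSan |
    Where-Object { -not $_.HasDnsSan } |
    Format-Table Subject, NotAfter, Thumbprint -AutoSize
```

Certificates reported here are the ones to reissue with a DNS entry in the SAN; a row where `HasDnsSan` is true but `CnInSan` is false may still be valid if the SAN carries a wildcard or a different host name for the site.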