Aug 02 2019 01:44 AM
Aug 02 2019 01:44 AM
Is there any way to get edge to stop flagging our internal certs as non trusted ? Pkiview.msc shows that there are no problems with the CA windows shows the cert is trusted.
Yet edge marks it as invalid. If the cert is verified up to a trusted root CA it should be valid in edge just like it is in internet explorer.
Aug 28 2019 12:28 PM - edited Aug 28 2019 12:29 PM
@v-gapart Yes, On the latest version im still having every single cert signed by our internal CA marked as invalid by edge
When i click on the button there it brings up the Windows Certificate Dialog which shows the certificate is fine
Nothing crazy with the cert either its a Windows CA issued cert
Looks fine in internet explorer.
Oct 03 2019 11:32 AM
I think it would be nice to have a list of urls that can ignore the certificate trust check.
Sep 15 2020 07:44 AM
Did you have resolve this issue?
I have also an internal PKI and internal webistes. All internal sites showed UNSAFE.
Do you have maybe any resolution for this?
Sep 15 2020 09:11 AM
I had this problem a few weeks ago too. (Our internal CA was not trusted in Edge.)
I have fixed it by applying our IE-GPO (Internet Explorer settings) on the machine.
I think the problem is caused by an incomplete, incorrect or missing intranet sites list or intranet zone settings. (But I don't looked for the direct settings which was causing the problem.)
Sep 16 2020 05:12 AM
I don't know what I should explain to you exactly.
Unfortunatly at the moment I can't reproduce the problem.
But I think the reason could be one of the following setting if it is incorrect:
- Your root ca is not installed.
- Your url is not marked as meber of the zone intranet in the zone-site-list.
Can you posted the shown security warning id (like NET::ERR_CERT_COMMON_NAME_INVALID). You have to reenable the security warning to see it.
Feb 24 2021 03:08 PM
Apr 13 2021 06:37 AM
Mar 28 2023 03:59 PM
@Raymond Preston in my experience the issue was due to the certificate not containing a Subject Alternative Name.
Apr 10 2023 05:13 PM
i had the same problem with edge and chrome but not internet explorer .
here what i did to solve it :
1) On the destination server that need the certificate , launch mmc
2) add certificate => loalhost
3) Create custom Request => Proceed without enrollment policy => No template & PKCS#10
4) Frindly name : certificateWebServer
full : Common Name( "FDQN") ,email, country, Locality,Organization, Organization unit
5) in alternatif name , chose DNS and enter the same as Common Name( "FDQN")
6) in Extension tab => Key usage :
CRL Signing,Data enciperment,Decipher only,Digital signature, Encipher only
in Extension tab => Extended Key usage :
In private Key :
4096 and activate "Make private key exportable"
7) go on your PKI server (eg: http://myPki.lan/certsrv ) paste the request
8) dowload .cer and install it.