Aug 02 2019 01:44 AM
Is there any way to get Edge to stop flagging our internal certs as non-trusted? Pkiview.msc shows that there are no problems with the CA, and Windows shows the cert is trusted.
Yet Edge marks it as invalid. If the cert is verified up to a trusted root CA, it should be valid in Edge just like it is in Internet Explorer.
Aug 28 2019 12:09 PM
Aug 28 2019 12:28 PM - edited Aug 28 2019 12:29 PM
@v-gapart Yes, on the latest version I'm still having every single cert signed by our internal CA marked as invalid by Edge.
When I click on the button there, it brings up the Windows Certificate Dialog, which shows the certificate is fine.
Nothing crazy with the cert either; it's a Windows CA-issued cert:
v3 Template
sha512RSA
sha512
RSA 4096
Looks fine in Internet Explorer.
Oct 03 2019 11:32 AM
I think it would be nice to have a list of URLs that can ignore the certificate trust check.
Sep 08 2020 02:27 PM
Sep 15 2020 07:44 AM
Did you resolve this issue?
I also have an internal PKI and internal websites. All internal sites showed UNSAFE.
Do you maybe have any resolution for this?
Thanks
Regs
Balazs
Sep 15 2020 09:11 AM
Hi.
I had this problem a few weeks ago too. (Our internal CA was not trusted in Edge.)
I have fixed it by applying our IE-GPO (Internet Explorer settings) on the machine.
I think the problem is caused by an incomplete, incorrect or missing intranet sites list or intranet zone settings. (But I didn't look for the direct settings which were causing the problem.)
Best regards.
htcfreek
Sep 15 2020 09:20 AM
Sep 16 2020 05:12 AM
I don't know what I should explain to you exactly.
Unfortunately, at the moment I can't reproduce the problem.
But I think the reason could be one of the following settings, if it is incorrect:
- Your root CA is not installed.
- Your URL is not marked as a member of the intranet zone in the zone-site-list.
Can you post the shown security warning ID (like NET::ERR_CERT_COMMON_NAME_INVALID)? You have to re-enable the security warning to see it.
Regards.
Feb 24 2021 03:08 PM
Apr 13 2021 06:37 AM
Mar 28 2023 03:59 PM
@Raymond Preston In my experience, the issue was due to the certificate not containing a Subject Alternative Name.
DNS=MS02-2022.contoso-2022.com
Apr 10 2023 05:13 PM
I had the same problem with Edge and Chrome but not Internet Explorer.
Here is what I did to solve it:
1) On the destination server that needs the certificate, launch mmc
2) add certificate => localhost
3) Create custom Request => Proceed without enrollment policy => No template & PKCS#10
General Tab:
4) Friendly name: certificateWebServer
full: Common Name ("FQDN"), email, country, Locality, Organization, Organization unit
5) in alternative name, choose DNS and enter the same as Common Name ("FQDN")
6) in Extension tab => Key usage:
CRL Signing, Data encipherment, Decipher only, Digital signature, Encipher only
in Extension tab => Extended Key usage:
server authentication
client authentication
In private Key:
4096 and activate "Make private key exportable"
7) go on your PKI server (eg: http://myPki.lan/certsrv ) paste the request
8) download .cer and install it.
test 🙂
Nov 11 2023 05:02 PM
@BalazsBerczi For anyone running across this, I found the solution after a lot of searching and testing. You have to generate the CSR from MMC Certificates. Open advanced operations and then, in the top section, select CN and the value of your FQDN. In the bottom section, select DNS and use the FQDN again. Then just request your web server certificate how you normally do. To check, open the cert and go to Details, scroll down and you should see that Subject Alternative Names has the DNS name. Make sure you restart IIS after you update it on your server.
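
Several replies above trace the warning to a server certificate with no DNS Subject Alternative Name. The following is an added example, not part of any post in this thread: a PowerShell audit that lists server-authentication certificates in a store whose SAN is missing or does not cover the Common Name. The function names are hypothetical, and the parsing assumes Windows with English-language extension formatting ("DNS Name=").

```powershell
# Added example; function names are hypothetical, not from the thread.
# Assumes Windows with English-language extension formatting ("DNS Name=").

function Get-CertDnsSan {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.17 = Subject Alternative Name extension
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    # Format($true) prints one SAN entry per line
    $ext.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLowerInvariant() }
    }
}

function Test-SanCoversHost {
    param([string[]]$DnsNames, [string]$HostName)
    $h = $HostName.ToLowerInvariant()
    foreach ($name in $DnsNames) {
        if ($name -eq $h) { return $true }
        # A wildcard entry covers exactly one left-most label
        if ($name.StartsWith('*.') -and $h.Contains('.') -and
            $h.Substring($h.IndexOf('.')) -eq $name.Substring(1)) { return $true }
    }
    return $false
}

function Find-CertWithoutMatchingSan {
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # 2.5.29.37 = Enhanced Key Usage; 1.3.6.1.5.5.7.3.1 = Server Authentication.
        # Certificates without that EKU are skipped.
        $eku = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }).EnhancedKeyUsages
        if (($eku | ForEach-Object { $_.Value }) -notcontains '1.3.6.1.5.5.7.3.1') { continue }

        $san = @(Get-CertDnsSan -Certificate $cert)
        $cn  = $cert.GetNameInfo('SimpleName', $false)
        $finding = 'OK'
        if ($san.Count -eq 0) { $finding = 'NoDnsSan' }
        elseif (-not (Test-SanCoversHost -DnsNames $san -HostName $cn)) { $finding = 'CnNotInSan' }
        [pscustomobject]@{
            Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
            NotAfter = $cert.NotAfter; DnsSan = $san -join ', '; Finding = $finding
        }
    }
}

Find-CertWithoutMatchingSan | Where-Object Finding -ne 'OK' | Format-Table -AutoSize
```

Run it in an elevated session on the web server; any row reported as `NoDnsSan` or `CnNotInSan` is a candidate for reissue with a DNS entry in the SAN, as the posts above describe.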