How do i get Edge to trust our internal Certificate Authority

%3CLINGO-SUB%20id%3D%22lingo-sub-785333%22%20slang%3D%22en-US%22%3EHow%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-785333%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20any%20way%20to%20get%20edge%20to%20stop%20flagging%20our%20internal%20certs%20as%20non%20trusted%20%3F%20Pkiview.msc%20shows%20that%20there%20are%20no%20problems%20with%20the%20CA%20windows%20shows%20the%20cert%20is%20trusted.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYet%20edge%20marks%20it%20as%20invalid.%20If%20the%20cert%20is%20verified%20up%20to%20a%20trusted%20root%20CA%20it%20should%20be%20valid%20in%20edge%20just%20like%20it%20is%20in%20internet%20explorer.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-827838%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-827838%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F95142%22%20target%3D%22_blank%22%3E%40Raymond%20Preston%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAre%20you%20still%20seeing%20this%20behavior%20in%20Edge%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EGabriel%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-827884%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-827884%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F299596%22%20target%3D%22_blank%22%3E%40v-gapart%3C%2FA%3E%26nbsp%3BYes%2C%20On%20the%20latest%20version%20im%20still%20having%20every%20single%20cert%20signed%20by%20our%20internal%20CA%20marked%20as%20invalid%20by%20edge%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20285px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F128988i572ECEDAEF15A301%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Edge.png%22%20title%3D%22Edge.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20i%20click%20on%20the%20button%20there%20it%20brings%20up%20the%20Windows%20Certificate%20Dialog%20which%20shows%20the%20certificate%20is%20fine%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20159px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F128990iCE1E2EBF51D6C9FC%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Edge2.png%22%20title%3D%22Edge2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENothing%20crazy%20with%20the%20cert%20either%20its%20a%20Windows%20CA%20issued%20cert%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ev3%20Template%3CBR%20%2F%3Esha512RSA%3CBR%20%2F%3Esha512%3CBR%20%2F%3ERSA%204096%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooks%20fine%20in%20internet%20explorer.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-891969%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-891969%22%20slang%3D%22en-US%22%3E%3CP%3EI%20think%20it%20would%20be%20nice%20to%20have%20a%20list%20of%20urls%20that%20can%20ignore%20the%20certificate%20trust%20check.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1646304%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1646304%22%20slang%3D%22en-US%22%3EHey%20Raymond%2C%3CBR%20%2F%3E%3CBR%20%2F%3EAny%20chance%20you%20got%20a%20fix%20for%20this%20%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1668924%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1668924%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F136270%22%20target%3D%22_blank%22%3E%40Raymond%20Preston%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDid%20you%20have%20resolve%20this%20issue%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20also%20an%20internal%20PKI%20and%20internal%20webistes.%20All%20internal%20sites%20showed%20UNSAFE.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20maybe%20any%20resolution%20for%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3BThanks%3C%2FP%3E%3CP%3ERegs%3C%2FP%3E%3CP%3EBalazs%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1669588%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1669588%22%20slang%3D%22en-US%22%3E%3CP%3EHi.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20had%20this%20problem%20a%20few%20weeks%20ago%20too.%20(Our%20internal%20CA%20was%20not%20trusted%20in%20Edge.)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20fixed%20it%20by%20applying%20our%20IE-GPO%20(Internet%20Explorer%20settings)%20on%20the%20machine.%3C%2FP%3E%3CP%3EI%20think%20the%20problem%20is%20caused%20by%20an%20incomplete%2C%20incorrect%20or%20missing%20intranet%20sites%20list%20or%20intranet%20zone%20settings.%20(But%20I%20don't%20looked%20for%20the%20direct%20settings%20which%20was%20causing%20the%20problem.)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards.%3C%2FP%3E%3CP%3Ehtcfreek%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1669627%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1669627%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3ECan%20you%20explain%20how%20exactly%3F%3CBR%20%2F%3E%3CBR%20%2F%3ERegards%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1672994%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20i%20get%20Edge%20to%20trust%20our%20internal%20Certificate%20Authority%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1672994%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F794526%22%20target%3D%22_blank%22%3E%40Nawar-AlMallouhi310%3C%2FA%3E%20.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20know%20what%20I%20should%20explain%20to%20you%20exactly.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnfortunatly%20at%20the%20moment%20I%20can't%20reproduce%20the%20problem.%3C%2FP%3E%3CP%3EBut%20I%20think%20the%20reason%20could%20be%20one%20of%20the%20following%20setting%20if%20it%20is%20incorrect%3A%3C%2FP%3E%3CP%3E-%20Your%20root%20ca%20is%20not%20installed.%3C%2FP%3E%3CP%3E-%20Your%20url%20is%20not%20marked%20as%20meber%20of%20the%20zone%20intranet%20in%20the%20zone-site-list.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20posted%20the%20shown%20security%20warning%20id%20(like%20NET%3A%3AERR_CERT_COMMON_NAME_INVALID).%20You%20have%20to%20reenable%20the%20security%20warning%20to%20see%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Is there any way to get edge to stop flagging our internal certs as non trusted ? Pkiview.msc shows that there are no problems with the CA windows shows the cert is trusted.

 

Yet edge marks it as invalid. If the cert is verified up to a trusted root CA it should be valid in edge just like it is in internet explorer.

8 Replies
Highlighted

@Raymond Preston 

 

Are you still seeing this behavior in Edge?

 

Gabriel

Highlighted

@v-gapart Yes, On the latest version im still having every single cert signed by our internal CA marked as invalid by edge

 

Edge.png

 

When i click on the button there it brings up the Windows Certificate Dialog which shows the certificate is fine 

 

Edge2.png

 

Nothing crazy with the cert either its a Windows CA issued cert 

 

v3 Template
sha512RSA
sha512
RSA 4096

 

Looks fine in internet explorer.

Highlighted

I think it would be nice to have a list of urls that can ignore the certificate trust check.

Highlighted
Hey Raymond,

Any chance you got a fix for this ?
Highlighted

Hi@Raymond Preston 

 

Did you have resolve this issue?

 

I have also an internal PKI and internal webistes. All internal sites showed UNSAFE.

 

Do you have maybe any resolution for this?

 Thanks

Regs

Balazs

Highlighted

Hi.

 

I had this problem a few weeks ago too. (Our internal CA was not trusted in Edge.)

 

I have fixed it by applying our IE-GPO (Internet Explorer settings) on the machine.

I think the problem is caused by an incomplete, incorrect or missing intranet sites list or intranet zone settings. (But I don't looked for the direct settings which was causing the problem.)

 

Best regards.

htcfreek

Highlighted
Hi,

Can you explain how exactly?

Regards
Highlighted

Hi@Nawar-AlMallouhi310 .

 

I don't know what I should explain to you exactly.

 

Unfortunatly at the moment I can't reproduce the problem.

But I think the reason could be one of the following setting if it is incorrect:

- Your root ca is not installed.

- Your url is not marked as meber of the zone intranet in the zone-site-list.

 

Can you posted the shown security warning id (like NET::ERR_CERT_COMMON_NAME_INVALID). You have to reenable the security warning to see it.

 

Regards.