Forum Discussion

Raymond Preston
Copper Contributor
Aug 02, 2019

How do I get Edge to trust our internal Certificate Authority?

Is there any way to get Edge to stop flagging our internal certs as non-trusted? Pkiview.msc shows that there are no problems with the CA; Windows shows the cert is trusted.

Yet Edge marks it as invalid. If the cert is verified up to a trusted root CA, it should be valid in Edge just like it is in Internet Explorer.

13 Replies

  • GotToBeStrong
    Copper Contributor
    Bump: 2021 now and still no resolution? I've recently run into this deploying an internal ERP solution's web front-end. The solution is designed only to work in Edge; but Edge won't trust our internal domain CA certs no matter what I do. I even spent the last week upgrading PKI signing hash algorithms to make sure we were within current standards (even though the offline root CA in a multi-tier infrastructure shouldn't matter). The solution won't be public facing, so purchasing a public cert seems pointless and a waste for this essentially cosmetic warning.
    Looked at this every which way and while I can get Edge to give me different errors depending on how I construct the URL to request our ERP's web page the overarching end result is Edge simply doesn't seem to like internal Domain CA certs.
    • cable1406
      Copper Contributor
      I've found this issue to happen if the Root Certificate or a Certificate in the Path of the WebServer Certificate has a length of less than 4096 bits, as that is a requirement of Edge:

      https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-certificate-requirements#certificate-algorithms
  • haitsong
    Former Employee

    I think it would be nice to have a list of URLs that can ignore the certificate trust check.

    • Raymond Preston
      Copper Contributor

      v-gapart Yes, on the latest version I'm still having every single cert signed by our internal CA marked as invalid by Edge.

      When I click on the button there, it brings up the Windows Certificate Dialog, which shows the certificate is fine.

      Nothing crazy with the cert either; it's a Windows CA-issued cert:

      v3 Template
      sha512RSA
      sha512
      RSA 4096

      Looks fine in Internet Explorer.

      • BlakeDrumm
        Microsoft

        Raymond Preston in my experience the issue was due to the certificate not containing a Subject Alternative Name.

        DNS=MS02-2022.contoso-2022.com
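
A way to check a certificate for the condition described in the reply above (added example, not part of the thread or any poster's code): it reports whether a certificate carries a subjectAltName extension and whether a DNS entry in it covers the host name being browsed to. The function names, the host name `erp.corp.example` and the sample certificates are constructed for illustration, and the parsing assumes English label text in the formatted extension.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-CertificateSan {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $HostName
    )
    # 2.5.29.17 is the OID of the subjectAltName extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = @()
    if ($san) {
        # Assumption: English labels ("DNS Name=" on Windows, "DNS:" on OpenSSL-backed builds).
        $names = @([regex]::Matches($san.Format($false), 'DNS(?: Name)?[=:]\s*([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() })
    }
    $target = $HostName.ToLowerInvariant()
    $covered = $false
    foreach ($n in $names) {
        if ($n -eq $target) { $covered = $true }
        elseif ($n.StartsWith('*.') -and $target.Contains('.')) {
            # A wildcard stands in for exactly one left-most label.
            if ($target.Substring($target.IndexOf('.')) -eq $n.Substring(1)) { $covered = $true }
        }
    }
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        HasSan      = [bool]$san
        DnsNames    = $names
        HostCovered = $covered
    }
}

# Constructed sample input: in-memory self-signed certificates for a made-up host,
# one with only a CN and one with a SAN (needs .NET Framework 4.7.2+ or .NET Core).
function New-SampleCertificate([string] $Name, [bool] $WithSan) {
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new("CN=$Name", $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    if ($WithSan) {
        $builder = [SubjectAlternativeNameBuilder]::new()
        $builder.AddDnsName($Name)
        $req.CertificateExtensions.Add($builder.Build())
    }
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

'erp.corp.example' | ForEach-Object {
    Test-CertificateSan -Certificate (New-SampleCertificate $_ $false) -HostName $_
    Test-CertificateSan -Certificate (New-SampleCertificate $_ $true)  -HostName $_
}
```

To check a real server certificate, pass an `X509Certificate2` loaded from the exported `.cer` file or the `Cert:` drive in place of the sample certificate.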
