Enterprise CA not trusted

%3CLINGO-SUB%20id%3D%22lingo-sub-1190145%22%20slang%3D%22en-US%22%3EEnterprise%20CA%20not%20trusted%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1190145%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20IE%2011%20our%20CA%20is%20trusted%20and%20we%20dont%20have%20any%20problems%20with%20our%20websites.%20In%20Version%2080.0.361.57%20(64-Bit)%26nbsp%3B%20none%20of%20our%20intranet%20websites%20is%20trusted%20and%20therefore%20doesnt%20provide%20SSL%20connection.%3C%2FP%3E%3CP%3Ethe%20certificate%26nbsp%3B%20ist%20especially%20created%20for%20this%20website%20so%20there%20is%20no%20SAN%20entry.%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22c01164%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1203966%22%20slang%3D%22en-US%22%3ERe%3A%20Enterprise%20CA%20not%20trusted%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1203966%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F548503%22%20target%3D%22_blank%22%3E%40Naddel%3C%2FA%3E%26nbsp%3BWe%20are%20now%20reissuing%20our%20certificates%2C%20seems%20to%20be%20a%20better%20(and%20safer)%20solution%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1217096%22%20slang%3D%22en-US%22%3ERe%3A%20Enterprise%20CA%20not%20trusted%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1217096%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F548503%22%20target%3D%22_blank%22%3E%40Naddel%3C%2FA%3E%26nbsp%3BIE11%20doesn't%20check%20if%20the%20certificate%20has%20a%20SAN%20entry%20but%20new%20browsers%20(Chrome%2C%20Firefox%2C%20Safari%2C%20etc..)%20do%20that.%3CBR%20%2F%3EYou%20need%20to%20reissuing%20the%20certificates%20with%20a%20SAN%20entry.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

In IE 11 our CA is trusted and we dont have any problems with our websites. In Version 80.0.361.57 (64-Bit)  none of our intranet websites is trusted and therefore doesnt provide SSL connection.

the certificate  ist especially created for this website so there is no SAN entry. 

 

 

2 Replies

@Naddel We are now reissuing our certificates, seems to be a better (and safer) solution

@Naddel IE11 doesn't check if the certificate has a SAN entry but new browsers (Chrome, Firefox, Safari, etc..) do that.
You need to reissuing the certificates with a SAN entry.