Forum menu
A particular company has an IT policy saying we should avoid sites where we get security warnings such as :
There are problems with the security certificate for this site - This Certificate is not from a trusted authority
They also have an IT policy say we should use the Webmail server to access our email when out of the office.
Guess what message I get when I connect to the web mail page. Yep, security warning. What does the company need to do to get a trusted certificate?
Pay or self sign and distribute to all their clients.
Ah, Pay. That would be the problem
Buy one from a trusted source.
Or set your own certificate as trusted.
This report pretty much sums things up, certainly reflects my experience of playing with SSL, digital certificates and the like:
http://www.theregister.co.uk/2011/04/11/state_of_ssl_analysis/
What Brassneck said.
I can wax lyrical at length on this, but the abridged version is either:
you need to buy a server cert from a trusted source (eg, Verisign et al),
or, you need to self-certify and then copy the associated root cert to your client PC so that your issing certificate authority server is a trusted source of certificates.
The former will cost money, the latter will require an administrative overhead.
The other thing is,
The FQDN on the cert has to match the domain in the URL. So, for instance, if you connect to https://www.webmail.domain.com and the cert is for https://webmail.domain.com you'll get a cert error. You should be able to expand the error and find out what it's actually complaining about.
I've seen certs for .local domains far too many times.
Bloody SBS!!
As a single name or SAN/UC cert?
Third option:
FREE self-cert 128 bit SSL from startcom
I've used these guys for 3-4 years to encrypt our frontend mailserver
Added bonus now is all major browsers recognise startcom CA by default
Worth a look imo
oddly enough I get these warning accessing govt websites from a government computer