How to deal with and accept SelfSigned SSL certificate in IE?

Question

I've a VM that has a self-sign certificate. If I test my https page in Firefox or Chrome, I just need to accept or add exception for the cert and I will be fine. I can make JSON call or JSONP call.

However, when I do it in IE, I can't. I add the certificate as ROOT cert, and then

1) every time I restart the browser, it will ask for the certificate again.

2) every time I make JSONP call with https, IE doesn't like it and show "IE has blocked this website from displaying content with security certificate error...". and even I click "display blocked content", it doesn't help and show up anything. :(

any idea how to deal with IE (without getting a real cert) Thanks.

Answer 1

When Internet Explorer presents the screen with the warning "There is a problem with this website's security certificate", follow these steps to create a security exception for this site:

1. Click on "Continue to this website (not recommended)."
2. Right-click on the background of the page
3. Select "Properties"
4. Click the "Certificates" button
5. Click the "Install Certificate..." button
6. Click the "Next >" button
7. Select "Place all certificates in the following store"
8. Click the "Browse..." button
9. Select "Trusted Root Certification Authorities"
10. Click the "OK" button
11. Click the "Next >" button
12. Click the "Finish" button
13. A security warning pops up. If you are sure the certificate is safe, click the "Yes" button
14. A notification pops up "The import was successful." Click "OK"

From now on (until the self-signed certificate expires), you will not get the certificate warning every time you go to that page.

If this doesn't work, you may have already installed the certificate in the wrong location. To remove an incorrectly installed certificate, open Internet Options, click on the "Content" tab, click the "Certificates" button, find your certificate in one of the tabbed lists, and click the "Remove" button. Then try following the preceding directions again.

If it keeps failing after that, there is a high probability that your certificate is invalid. Right-click the web page, select "Properties", click on "Certificates", and double-check that the "Issued to:" name matches the domain in the URL bar, and that the "Valid from ... to ... " dates include the date that the client machine is set to.

If the Install Certificate is greyed out, you have to run iexplore as administrator.

Answer 2

Did you put it in the user Trusted Roots certificate store or the machine? Are you running as the same user? Putting a self signed certificate in the Trusted Roots store should work fine.

Alternatively, look at the wire traffic and see if the proper certificate is being sent to the client, it might be a server config problem.