Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

IE8 error with Certificate

I have installed a certificate with multiple Common Names on a Red Hat server in the jks format. The web page can be accessed with Firefox and the certificate gets imported. However, IE8 gives the error "Internet Explorer cannot display the webpage".

I added the cert with MMC and its properties shows "This certificate has an nonvalid digital signature.". Also the cert doesn't have the URL of the web page in it. The cert does have a valid signature in Firefox and the URL mismatch is ignored. How can I get IE8 to accept it. This cert is required for another Application (where it works fine) and cannot be changed except to change the format. I already have it in PKCS12, jks and pem formats.

like image 235
Jon B Avatar asked Jun 18 '10 02:06

Jon B


1 Answers

Let me guess: you're running Windows XP or Window Server 2003, and the certificate uses SHA2?

KB Article: Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption, with hotfix.

Windows XP/2003 doesn't understand SHA-256; that's why the digital signature is non-valid.

like image 172
Ian Boyd Avatar answered Oct 26 '22 01:10

Ian Boyd