Hey guys. We have an internal web server on our domain. When we try to access it over HTTPS in our web browsers, it is not trusted. We get the standard "There is a problem with this website's security certificate" error. How can I get this site trusted by all domain computers? I need to know the steps I must take with the web server and our enterprise CA server.

Thank you very much


All 5 Replies

If your computers are members of an Active Directory domain, you can publish the root certificate so that the domain members import the cert via group policy.

Otherwise, take the root public Cert and import manually on each system.

There are quite a few steps involved; Microsoft has how-to guides on TechNet.

So there's no way to accomplish this without using a GPO? I mean besides manually importing the cert on EVERY workstation? Hmm... I'm pretty sure someone has said it is possible without using a GPO or doing manual labor.

The reason why your browser doesn't prompt you when accessing most public websites is because cert authorities like VeriSign have their public cert already included in the OS. Public-facing websites use these vendors' certs for the security, the trust, and because they are already embedded into the OS, so they have no need to distribute the cert to their clients.

A private CA requires distribution of the root cert. The most common approach for an internal network that runs AD is via a GPO. It's easily distributed.

I don't see what other option you have, other than buying a cert from a trusted authority, if you prefer not to distribute certs.

You could always instruct your users to install the cert when prompted as a last resort.

Well since we are all already domain-joined workstations, we have the Root CA of our domain already installed. Now is there a way to put said web server's certificate in that root certificate chain? Because the root cert is already trusted. The web server's cert, however, is not already trusted.

All you gotta do if the workstations and web server are on the domain is request a certificate to be issued on the web server. Request a cert from the enterprise CA. Then you bind the cert to the website on the web server. Thanks!
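
The request-then-bind procedure from the last reply, as an added PowerShell example that is not part of the original thread. It assumes IIS on a domain-joined server, a CA template named `WebServer` that the server's computer account is allowed to enroll for, and placeholder host and site names.

```powershell
#Requires -RunAsAdministrator
Import-Module WebAdministration   # IIS cmdlets: Get-WebBinding, New-WebBinding

# Assumed values, replace with your own.
$HostName = 'intranet.corp.example'   # placeholder: the FQDN users type in the browser
$SiteName = 'Default Web Site'        # placeholder: IIS site name
$Template = 'WebServer'               # assumed template name on the enterprise CA

# 1. Request the certificate from the enterprise CA (located through AD).
#    The DNS name goes into the subject alternative name; browsers compare
#    the URL against it, so a mismatch still produces a warning even when
#    the root is trusted.
$enroll = Get-Certificate -Template $Template `
    -SubjectName "CN=$HostName" -DnsName $HostName `
    -CertStoreLocation Cert:\LocalMachine\My

if ($enroll.Status -ne 'Issued') {
    throw "Enrollment status is '$($enroll.Status)'. A pending request needs approval on the CA."
}
$cert = $enroll.Certificate

# 2. Check that the new cert chains to a root this machine already trusts
#    and is valid for TLS with this host name, before putting it in service.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName)) {
    throw "Certificate $($cert.Thumbprint) failed SSL policy validation for $HostName."
}

# 3. Bind the cert to the site. Create the HTTPS binding if it is missing.
#    If the binding already has a certificate attached, remove it first
#    (RemoveSslCertificate) or AddSslCertificate will fail.
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
}
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

"Bound $($cert.Subject), expires $($cert.NotAfter), to '$SiteName' on port 443"
```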
