Internet Explorer 9 warns about invalid site certificates

certificate, internet explorer, ssl

I've written an application that uses some flash components. To allow these flash components to work with other machines, I need to accept certificates from these machines or skip certificate errors permanently on user machines to accomplish this.

I tried the following, but none of this worked for me:

  1. Install certificate to the Trusted Root Certification Authorities.
  2. Adding the site to the trusted sites in Internet Explorer.
  3. Clearing the SSL cache, browsing history, browser cache, etc.
  4. Unchecking "Warn about certificate address mismatch" in the Advanced tab of Internet Explorer settings.
  5. Unchecking "Check for publisher's/server certificate revocation". Rebooting machine, reloading IE, and cleaning the Windows registry.

Nothing stated above was able to help me.

I have also read/heard about a 'warn about invalid site certificates' setting in Internet Explorer (this article states it exists), but I haven't found it in the Internet Explorer 9 settings.

Could somebody suggest a way the certificate warning can be skipped?

Thanks in advance!

p.s. Here is what the warning states:

  • The security certificate presented by this website was not issued by a trusted certificate authority. (Installing certificate to the Trusted Root Certification Authorities should resolve it, but it didn't)
  • The security certificate presented by this website was issued for a different website's address. (Unchecking "Warn about certificate address mismatch" in advanced tab of Internet Explorer settings should resolve it, but it didn't as well)

Best Answer

Adding the certificate to the Trusted Root CA store will resolve the "The security certificate presented by this website was not issued by a trusted certificate authority." message. Note that you need to trust the root certificate that the server's certificate chains to, which may or may not be the same certificate that the server sent.

The "Warn about certificate address mismatch" checkbox resolves the "Security certificate presented for this website was issued for a different website's address" error only. It's unsafe to uncheck this box because it applies to all sites.

Changing "Check for publisher/server certificate revocation" will not help you.

If you're doing this only for test purposes, consider simply running Fiddler in HTTPS-decryption mode. Fiddler will hit the certificate error and you can ignore it for the lifetime of the Fiddler session.

Alternatively, your best approach is to simply fix the certificate on the other server. If it's self-signed and you don't want to pay for a CA certificate, at a very minimum you should update the self-signed certificate to contain the proper CN or SubjectAltName to match that server's hostname.
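
The following is an added example, not part of the original answer: a small Python check that shows why a certificate whose CN/SubjectAltName does not cover the server's hostname still triggers the address-mismatch warning even after the root is trusted. It assumes the RFC 2818/6125 matching rules (SAN DNS names take precedence over CN; `*` only as the whole leftmost label) and uses constructed certificates in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames are hypothetical.

```python
# Added example with constructed data; hostnames and certificates are hypothetical.

def cert_dns_names(cert):
    """Names a client compares with the URL host: SAN dNSName entries,
    or the subject CN only when the certificate has no SAN DNS names."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost
    label and never directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def check_host(cert, host):
    """Return (matched, names_checked) for the host the client connects to."""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), names

# Constructed: self-signed certificate issued for the wrong name.
MISMATCHED = {"subject": ((("commonName", "localhost"),),)}
# Constructed: reissued with the server's real names in SubjectAltName.
FIXED = {
    "subject": ((("commonName", "appserver01.example.test"),),),
    "subjectAltName": (("DNS", "appserver01.example.test"),
                       ("DNS", "appserver01")),
}
# Constructed: CN is right, but a SAN is present and does not list the host.
SAN_OVERRIDES_CN = {
    "subject": ((("commonName", "appserver01.example.test"),),),
    "subjectAltName": (("DNS", "other.example.test"),),
}

if __name__ == "__main__":
    host = "appserver01.example.test"
    for label, cert in (("mismatched", MISMATCHED), ("fixed", FIXED),
                        ("san-overrides-cn", SAN_OVERRIDES_CN)):
        ok, names = check_host(cert, host)
        print(f"{label:17} {'OK' if ok else 'NAME MISMATCH'} checked={names}")
```

Run the same check against every name clients use to reach the server (short name, FQDN), since each one must appear in the certificate.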