When accessing a page using HTTPS, the browser may show this error(appearance may vary in different browsers):
If select "Continue...", the page may be eventually displayed with a red cross error:
How to resolve this error?Environment:
The client's web browser does not consider the certificate provided by the server to be trusted.
Before starting, we need to define what "remotely
" and "locally
- "Locally" means the device runs browser. For example, when opening a browser to view wikipedia.org, the device is running its browser locally.
- In this article, we limit all local devices to Windows PCs.
- "Remotely" means computer runs service. For example, when opening a browser to view wikipedia.org, from browser's point of view, Wikipedia's servers are considered running their services remotely.
Let's look at a certificate without error first.
Above screenshots show 3 key preconditions:
- The Certificate Authority(CA) is issued by must exist locally. This can be confirmed by using MMC:
- IMPORTANT: MMC must be opened locally.
- URL in browser must match the one certificate is issued to.
- In the example above, URL in browser "www.wikipedia.org" matches "Issued to" URL in certificate "*.wikipedia.org".
- This needs to be checked locally.
- Certificate status must show "The certificate is OK".
- This needs to be check both locally and remotely.
Failing to fulfill ANY of the above 3 preconditions will result in the Certificate Error.
Here are how to fix each of them:
- If CA certificate does not exist locally, please manually import the CA certificate (for self-signed certificates), or use a commercial certificate (needs to be purchased). When using the self-sign certificate that comes with the product installation, install the certificate and store in the Certificates (Local Computer) > Trusted Root Certification Authorities store. (see above screenshot). This can be performed by clicking within the IE browser's address bar section that says "Certificate error" > View certificate > "Install certificate", or by manually exporting the certificate from the server and installing locally on the client's PC.
- If URL does not match certificate, change the URL in browser.
- If certificate status is not OK, contact website administrator to fix this problem before binding the certificate to website.