SSL not trusted

  • Thread starter Thread starter Muson
  • Start date Start date
M

Muson

Guest
Hello,

I created 2 tier CA infrastructure - ofline root CA, and domain joined
subordinate CA. I created certificate and installed it on web server. When
someone visits our page, gets message that certificate is not trusted, if i
try to install certificate on the client in IE, it finishes with success
message. But next time when i visit same site, server certificate still not
trusted, if i install root CA certificate on client, then it is ok.

The Question - How i can create certificate that could be trusted simple by
installing web servers certificate and will that certificate work with
mobile devices (ActiveSync).

--
Muson
 
Re: SSL not trusted

All clients should trust the root. This is one of PKI desogn guiding
principles.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Muson" <muson@nu.nu> wrote in message
news:%23ZtbkuH6HHA.2752@TK2MSFTNGP06.phx.gbl...
> Hello,
>
> I created 2 tier CA infrastructure - ofline root CA, and domain joined
> subordinate CA. I created certificate and installed it on web server. When
> someone visits our page, gets message that certificate is not trusted, if
> i try to install certificate on the client in IE, it finishes with success
> message. But next time when i visit same site, server certificate still
> not trusted, if i install root CA certificate on client, then it is ok.
>
> The Question - How i can create certificate that could be trusted simple
> by installing web servers certificate and will that certificate work with
> mobile devices (ActiveSync).
>
> --
> Muson
 
Re: SSL not trusted

Then following question

I would like to import rootca certificate on client when visiting site, but
i don't see certificate hierarchy, to import (trust) root ca, i see only
target server certificate. So i have to export root ca certificate, copy it
to client machine and import it.

By the way, how self-signed certificate works..

--
Muson

"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:uDf1oIJ6HHA.5984@TK2MSFTNGP04.phx.gbl...
> All clients should trust the root. This is one of PKI desogn guiding
> principles.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "Muson" <muson@nu.nu> wrote in message
> news:%23ZtbkuH6HHA.2752@TK2MSFTNGP06.phx.gbl...
>> Hello,
>>
>> I created 2 tier CA infrastructure - ofline root CA, and domain joined
>> subordinate CA. I created certificate and installed it on web server.
>> When someone visits our page, gets message that certificate is not
>> trusted, if i try to install certificate on the client in IE, it finishes
>> with success message. But next time when i visit same site, server
>> certificate still not trusted, if i install root CA certificate on
>> client, then it is ok.
>>
>> The Question - How i can create certificate that could be trusted simple
>> by installing web servers certificate and will that certificate work with
>> mobile devices (ActiveSync).
>>
>> --
>> Muson
>
>
 
Back
Top