Heads up for SBS Sites using self-signed certificates

SBS (Small Business Server) uses self-signed certificates by default.  This may cause an issue for your users if they are running Internet Explorer 7.  As you can see from the screenshot, direct navigation to the Outlook Web Access log-on URL is blocked by IE7 when self signed certificates are used. 

To help avoid confusion I'd recommend you alert your users to this change in behaviour sooner rather than later, so that they understand that there is nothing wrong with your site or their computer.

Here are the hoops your user will have to jump through to stop the warning page from appearing every time they go to your site.

First, they will see this page.

 

Your users need to click on Continue to this website (not recommended)

They will be presented with the red Address Bar and certificate warning:

Click on the Certificate Error button to open the information window.

 ;

Click on View Certificates.  Then click on Install Certificate.

You'll see yet another warning.

 ;

Click on Yes, then you're done.

IE7 on Windows Vista

We see the same problem with self-signed certificates when using IE7 on Windows Vista, but the option to install certificates will not be available unless you run IE with administrator rights (right click the IE icon, select "Run as Administrator").

Published Tue, Jan 31 2006 22:49 by sandi

Comments

# A beta release of IE 7 means....

Tuesday, January 31, 2006 9:52 PM by E-Bitz - SBS MVP the Official Blog of the SBS "Diva"
Beta -- http://en.wikipedia.org/wiki/Development_stage#Beta When a beta becomes available to the...

# re: Heads up for SBS Sites using self-signed certificates

Wednesday, September 13, 2006 1:36 PM by Cory Kessinger
Everything is fine up until the "Install Certificate" part. I don't get a button to do that. Any ideas why I wouldn't have that ability? Thanks, Cory

# re: Heads up for SBS Sites using self-signed certificates

Friday, October 20, 2006 7:54 AM by Sherri

Gee.. thanks so much microsoft for the big scary warning that now displays itself just before my checkout page in IE7. Since my shared cert does not match the domain of my website, but instead matches the server's domain... this scary message will effectively put an end to my small ecommerce site even though my shared cert is still safe for encrypting credit card data. I can't afford to buy a personal certificate year after year. IE6 showed a small dialog box warning- this was fine.

Way to imply that my website is evil. Thanks a lot.

~Disgruntled.

The small dialogue box warning was not fine - and this is why:
http://www.antiphishing.org/

 

# Once you install the certificate...

Monday, October 23, 2006 1:07 AM by E-Bitz - SBS MVP the Official Blog of the SBS "Diva"

Maybe I'm weird... but once I've installed the self signed certificate on my machine, I don't

# Do we really need a patch for this?

Monday, October 23, 2006 2:54 AM by E-Bitz - SBS MVP the Official Blog of the SBS "Diva"

Okay so when we use IE7 on our self signed certs it gives a warning as it should... and I'm going

# re: Heads up for SBS Sites using self-signed certificates

Thursday, October 26, 2006 7:56 AM by Pościel Wełniana
It's a bad move for many e-commerce sites!

# A new protection against phishing will start soon - Extended Validation (EV) SSL Certificates

Wednesday, November 08, 2006 6:49 AM by Spyware Sucks

The internet is not what it once was - the time of innocence is long gone. The bad guys are making sustained,

# New IE7 Knowledge Base article: problem with website security certificates

Sunday, February 11, 2007 6:36 AM by Spyware Sucks

Warning message when a user tries to connect to a secure Web site by using Internet Explorer 7: "There