Getting rid of the pink (AKA installing a self-signed cert in Vista)

Step one – Right mouse click Internet Explorer and Click on Run as Administrator

Step two – Approve IE – and for a REALLY great book on WHY it is doing this, I suggest you read this book.

Step three – Ensure that the bottom of the IE window says “Protected Mode off”


Step four – Launch the site and click through the cert error (click continue)

Step five – Click on the bar that says “Certificate Error” on the upper right.


Step six – Click View Certificate


Step seven – Click on Install Certificate


Step eight – Click Next

Step nine – Specifically place the cert in the Trusted Root Certification Authorities store

Step ten – Click Next

Step 11 – Click Finish.

Step 12 – After you click Finish you will get an “are you sure” window. If you don’t see this, the cert install isn’t working right.

Step 13 – Click Yes.

Step 14 – To confirm this, close down IE and relaunch it as a normal user (not as Admin)

Any web site that uses that SSL cert should no longer be pink, and inside IE, in the Content tab under Certificates, you’ll see your self-signed cert as a trusted cert now.
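The import in steps six to 13 can also be scripted. The PowerShell below is an added example, not part of the original post; the `$CertPath` and `$ExpectedThumbprint` parameters are assumptions, and the thumbprint is meant to come from the server's administrator rather than from the connection that just showed the cert error.

```powershell
# Added example: import an exported self-signed cert into the current user's
# Trusted Root store, but only if its thumbprint matches a value confirmed
# out of band. $CertPath and $ExpectedThumbprint are assumed inputs.
# Run it as the normal user whose store should trust the cert.
param(
    [Parameter(Mandatory = $true)][string]$CertPath,
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint
)

# Load the exported .cer file (DER or Base64 encoded).
$file = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

# Thumbprints copied from a dialog often contain spaces; keep hex digits only.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch. File has $($cert.Thumbprint); refusing to trust it."
}

# A self-signed cert names itself as issuer. Anything else belongs under a CA.
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning "Not self-signed (issuer: $($cert.Issuer)). Trust its root CA instead."
}

$location = [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', $location
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    # Expect the same confirmation prompt as step 12 when adding to the user's Root store.
    $store.Add($cert)

    # Read the store back instead of assuming the add succeeded.
    $hits = $store.Certificates.Find(
        [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
        $expected, $false)
    if ($hits.Count -eq 0) {
        throw "Certificate was not added to the Trusted Root store."
    }
    "Trusted: $($cert.Subject) (expires $($cert.NotAfter))"
}
finally {
    $store.Close()
}
```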


  1. This is an excellent example of security taken too far.

    Try to get your average user to do this. Seriously. Most of them can’t do this.

    It gets worse if you’re trying to run as a Standard User. The Run as Administrator prompts you for an Administrator account, which means the Administrator’s Certificate Store is used, so you then need to run certmgr.msc as Administrator, export the certificate, then import it back in after running certmgr.msc as the standard user.

    IE7 on Vista has essentially killed the self-signed certificate for Joe Average user. So has Citrix Presentation Client 10.x. Never mind trying to get a self-signed certificate installed into the Java keystore – seeing as it ignores looking at the MS certificate store…

    If HTTP/HTTPS is your only deployment mechanism for your self-signed certificates, make life easier for Vista users by making them available for download from a plain HTTP site. Better still, create your own Root CA (with a nice long expiry time), then sign all your certificates using the Root CA. That way you only have to go through this nonsense once per machine/user login.

