Just another Microsoft MVPs site

Vista RC2, IE7 and SBS Self-Signed Certs

Yes Virginia – there is a Santa Claus . . .    oh wait, wrong story . . .

So as I mentioned in my previous post, I took the plunge and installed Vista RC2 on my primary production machine, and so far it’s going well . . .  granted a bit of a learning curve – but well worth it.

Like a lot of SBSers out there, we’re making extensive use of self-signed SSL certificates for accessing RWW, OWA, ActiveSync, etc.  Well, if you’re being a good little tech and running Vista as a non-admin, and you haven’t had much experience with IE7 yet, you might be trying to figure out just how to get those certs installed . . .

The first thing you notice when browsing to a site using a self-signed certificate, is that you don’t get to see the site right away – rather, IE7 gives you a full page warning insted of the old Security Warning pop-up.  So, you click to continue to the website, and you’ll notice that your address bar has changed to a deep red indicating the security risk with this site.  If you click on the ‘Certificate Error’ in the address bar, you can view the certificate.  But viewing the certificate – you notice one minor problem . . .   you don’t have an option to actually install the cert!

The thing is, you need to have administrator permissions to install your cert.  So here’s the trick . . .   click on Start | Programs.  Right-click on Internet Explorer and select ‘Run as Administrator.’  When prompted, enter admin credentials, and IE opens.  Navigate to your site, on the warning page select to continue to the site, then click on the Certificate Error in the address bar, and then view the certificate.  Now you have the option to install the cert.  But slow down there, young grasshopper . . .    if you just click through the add cert wizard like you do in XP, it’s not going to work for you.  You see, by default the add cert wizard is going to install the certificate for just the current user – and since we’re running IE as Administrator – you guessed it – the cert gets installed for the Administrator account – not yours.  So how do you get around this?  When you’re running the import cert wizard, you’re going to want to specify a location for the certificate:

Click Browse, the click to select ‘Show physical locations’ – then scroll up in the list, expand Trusted Root Certification Authorities and select Local Computer.

 Click OK, then finish the import certificate wizard.  Close IE (after all, you don’t want to be browsing as an admin)

Open IE, navigate to your site and voila!  There you go . . .


  1. Terrance Dwyer

    Nice catch. Didn’t realize that you could in fact install the cert. I knew that you accept, ignore, reject. Most are flagged for mismatch. Would be happy to hear you epand a bit on this.


  2. Tim Barrett

    Thanks for the tip on this Chad!! 🙂


Leave a Reply

Your email address will not be published. Required fields are marked *