Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Heads up for SBS Sites using self-signed certificates

January 31st 2006 in Uncategorized

SBS (Small Business Server) uses self-signed certificates by default.  This may cause an issue for your users if they are running Internet Explorer 7.  As you can see from the screenshot, direct navigation to the Outlook Web Access log-on URL is blocked by IE7 when self signed certificates are used. 


To help avoid confusion I’d recommend you alert your users to this change in behaviour sooner rather than later, so that they understand that there is nothing wrong with your site or their computer.


Here are the hoops your user will have to jump through to stop the warning page from appearing every time they go to your site.


First, they will see this page.


 


Your users need to click on Continue to this website (not recommended)


They will be presented with the red Address Bar and certificate warning:



Click on the Certificate Error button to open the information window.


 ;


Click on View Certificates.  Then click on Install Certificate.


You’ll see yet another warning.


 ;


Click on Yes, then you’re done.


IE7 on Windows Vista


We see the same problem with self-signed certificates when using IE7 on Windows Vista, but the option to install certificates will not be available unless you run IE with administrator rights (right click the IE icon, select “Run as Administrator”).


3 comments to...
“Heads up for SBS Sites using self-signed certificates”

Cory Kessinger
wrote on September 13th, 2006      

Everything is fine up until the “Install Certificate” part. I don’t get a button to do that. Any ideas why I wouldn’t have that ability?

Thanks,
Cory



Sherri
wrote on October 20th, 2006      

Gee.. thanks so much microsoft for the big scary warning that now displays itself just before my checkout page in IE7. Since my shared cert does not match the domain of my website, but instead matches the server's domain… this scary message will effectively put an end to my small ecommerce site even though my shared cert is still safe for encrypting credit card data. I can't afford to buy a personal certificate year after year. IE6 showed a small dialog box warning- this was fine.

Way to imply that my website is evil. Thanks a lot.

~Disgruntled.

The small dialogue box warning was not fine – and this is why:
http://www.antiphishing.org/

 



Pościel Wełniana
wrote on October 26th, 2006      

It’s a bad move for many e-commerce sites!


Anybody who embedded Robin Schuil’s graphic into their blogs.
Info about the graphic:http://news.com.com/2061-10789_3-6031795.html
<Cue Rick Springfield singing “Don’t talk to strangers….”> No!!  No Springstein!!  Springfield!!
Seriously people… think about this… how hard would it be to replace an innocuous animated GIF with… say, a WMF exploit???
Have a look at the spread of this allegedly innocent prank:http://www.moox.nl/blogworm/
For heavens sake […]

Previous Entry

Yay! Its out (released in the middle of the night my time)http://www.microsoft.com/windows/ie/ie7/
Please remember that this build has been released to allow Developers and IT Professionals to start evaluating IE7 against their Web sites and applications.  The preview is not intended for, and should not be installed in a production environment.  Casual users should not install […]

Next Entry

Archives