programming4us
programming4us
DESKTOP

Windows 7 : Configuring and Troubleshooting Internet Explorer Security - How to Troubleshoot Certificate Problems

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Certificates are used for several security-related tasks in Internet Explorer:

  • Encrypting traffic The most common use for certificates in Internet Explorer. Many Web sites, especially e-commerce Web sites that accept credit card numbers, have an SSL certificate installed. This SSL certificate enables HTTPS communications, which behave similar to HTTP, but with encryption and authentication. With standard, unencrypted HTTP, if an attacker has access to the network, the attacker can read all data transferred to and from the server. With encrypted HTTPS, an attacker can capture the traffic, but it will be encrypted and cannot be decrypted without the server's private certificate.

  • Authenticating the server SSL certificates authenticate the server by allowing the client to verify that the certificate was issued by a trusted CA and that one of the names in the certificate matches the host name used to access the site. This helps to prevent man-in-the-middle attacks, whereby an attacker tricks a client computer into visiting a malicious server that impersonates the legitimate server. Web sites on the public Internet typically have SSL certificates issued by a third-party CA that is trusted by default in Internet Explorer. Intranet Web sites can use certificates issued by an internal CA as long as client computers are configured to trust the internal CA.

  • Authenticating the client Intranet Web sites can issue certificates to clients on their network and use the client certificates to authenticate internal Web sites. When using AD DS Group Policy, it is very easy to distribute client certificates throughout your enterprise.

If Internet Explorer detects a problem with a certificate, it displays the message, "There is a problem with this website's security certificate," as shown in Figure 1.

How Internet Explorer detects mismatched SSL certificates

Figure 1. How Internet Explorer detects mismatched SSL certificates

The following list describes common problems that can occur when using certificates in Internet Explorer and how to troubleshoot them.

  • The security certificate presented by this Web site was issued for a different Web site's address In this case, there are several possible causes:

    • The host name you are using to access the Web site is not the Web site's primary address. For example, you might be attempting to access the Web site by Internet Protocol (IP) address. Alternatively, you might be accessing an alternative host name, such as "constoso.com" instead of "www.contoso.com."

      Note

      SUBJECT ALTERNATIVE NAMES

      Historically, SSL certificates have specified the host name for which they are valid by using the Common Name field. For example, you might specify www.contoso.com as the Common Name for your Web site certificate. However, if a user accessed the same site using the host name www.contoso.com, the browser would return an error.

      Since about 2003, most popular browsers have supported SSL certificates with Subject Alternative Names (SANs). SANs are host names for which an SSL certificate is valid. For example, you could create an SSL certificate with a SAN list and allow users to access a single Web server using either www.contoso.com or www.contoso.com.

      You can view a certificate's SAN list by visiting the site using HTTPS and clicking the padlock icon in the address bar of Internet Explorer. Click View Certificates, and then click the Details tab. Select the Subject Alternative Name field to view every host name for which the certificate is valid.

    • The server administrator made a mistake. For example, the administrator might have mistyped the server's host name when requesting the certificate or the administrator might have installed the wrong certificate on the server.

    • The server is impersonating a server with a different host name. For example, an attacker might have set up a Web site to impersonate www.fabrikam.com. However, the attacker is using a different SSL certificate on the Web site. Earlier versions of Internet Explorer show a less intimidating error message, so many users might have bypassed the error and continued to the malicious site.

  • The certificate has expired Certificates have a limited lifespan—usually one to five years. If the certificate has expired, the server administrator should request an updated certificate and apply it to the server.

  • Internet Explorer is not configured to trust the certificate authority Anyone, including attackers, can create a CA and issue certificates. Therefore, Internet Explorer does not trust all CAs by default. Instead, Internet Explorer trusts only a handful of public CAs. If the certificate was issued by an untrusted CA and the Web site is on the public Internet, the server administrator should acquire a certificate from a trusted CA. If the Web site is on your intranet, a client administrator should configure Internet Explorer to trust the issuing CA. In AD DS domains, member computers automatically trust enterprise CAs. For more information, complete the exercises at the end of this lesson.

Other  
  •  Windows 7 : Configuring and Troubleshooting Internet Explorer Security - Adding Sites to the Trusted Sites List , Protected Mode
  •  Windows 7 : Configuring and Troubleshooting Internet Explorer Security - Internet Explorer Add-Ons (part 2) - How to Configure ActiveX Add-Ons
  •  Windows 7 : Configuring and Troubleshooting Internet Explorer Security - Internet Explorer Add-Ons (part 1)
  •  Windows Server 2008 : Using ntdsutil - Seizing an Operations Master Role
  •  Windows Server 2008 : Using ntdsutil - Performing an Authoritative Restore, Removing a Domain Controller from Active Directory
  •  Windows Server 2008 : Using ntdsutil - Moving Active Directory to a Different Drive, Defragmenting Active Directory
  •  Windows Server 2008 : Using ntdsutil - Resetting the Directory Services Restore Mode Password, Changing the Garbage Collection Logging Level
  •  Windows Server 2003 : Deploying Stub Zones - Benefits of Stub Zones, Stub Zone Updates
  •  Windows Server 2003 : Creating Zone Delegations - Delegating Zones
  •  Windows Server 2003 : Configuring Advanced DNS Server Properties (part 2)
  •  
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us
    programming4us
     
     
    programming4us