Sometimes a warning message is displayed when you visit a secure web site on an intranet. Often that's because of an issue with the "chain of trust." The warning messages displayed by browsers in this case are frightening and not that easy to understand. This article explains why the warning is displayed, when it is appropriate to continue to the site, and how to get past the warning if you decide to continue. See this document which was written for users of University of Washington intranets, but the principles and procedures are broadly applicable: http://www.cs.washington.edu/lab/www/root-certificates/#ie7
Another confirming article written by Indiana University is at https://www.cs.indiana.edu/Facilities/FAQ/WWW/securityerror.html#IE
In our case (The Monticello Corporation, for the Paper Tiger-Digital Tiger Filing System Software for document management), the error has to do with the https:// URL used when creating an account and when signing in to the app, which gives the user an added layer of security. In addition, while we always encrypt login and billing pages, users are free to choose, from the Accounts tab after they have logged in, whether they would like the entire application to use the secure connection.
When a web address starts with https:// instead of http://, it's using SSL, the Secure Sockets Layer (or its successor protocol, TLS). That means two things:
- traffic between the site and your browser is encrypted
- the site has taken steps to certify its identity
It's all done using a certificate: a special file on the web server, presented to visiting web browsers, that contains a little bit of data about who the server claims to be and why we should believe it. When you connect to a web server using SSL via https:// URLs, your web browser will attempt to verify the identity of the server. If it can't, it displays a warning. This doesn't mean that there is a security problem, just that the web browser can't verify the identity of the web server. Now, if you were connecting to your bank's web site and got this error, then something is probably amiss. But if you are connecting to a smaller site or personal web server via https, then this may be normal behavior.
How can I tell if I have a secure connection?
In Internet Explorer, you will see a lock icon in the Security Status bar.
The Security Status bar is located on the right side of the Address bar.
The certificate that is used to encrypt the connection also contains information about the identity of the website owner or organization. You can click the lock to view the identity of the website.
The errors might look something like the following, depending on your Internet browser.
When this happens with Firefox, you will get an error message like the following:
This is normal and in order to continue you should do the following:
- Click on the link at the bottom of the error page that says "Or you can add an exception...".
- Click on "Add Exception..."
- Click on "Get Certificate"
- Verify that the "Permanently store this exception" box is checked
- Click on "Confirm Security Exception"
In Internet Explorer, this is normal, and in order to continue you can just click on "Continue to this website (not recommended)". If you want to prevent this error from happening each time you use IE, you can do the following to add a permanent exception:
- Click on the box to the right of the web address, which has "Certificate Error" in it.
- In the Untrusted Certificate box, click on View Certificates at the bottom.
- Click on the General tab and then click on Install Certificate
- At the Welcome to the Certificate Import Wizard, click Next
- With "Automatically select the certificate store based on the type of certificate" selected, click Next
- At the "Completing the Certificate Import Wizard" click Finish.
- You should see the Certificate Import Box, which should say "The import was successful". Click OK.
- Click OK to clear the Certificate Import Wizard.
The Monticello Corporation's Certificate Information
From Internet Explorer, the certificate will look like this:
In Firefox, it will look like this:
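Before storing a permanent exception, the certificate the server presents can be compared against the certificate information published by the site operator. The following Python script is an added example, not part of the original article or of Monticello's software; the function names are illustrative, and the published value is assumed to be a SHA-256 fingerprint obtained through a separate trusted channel.

```python
import hashlib
import hmac
import re
import socket
import ssl


def normalize(fp: str) -> str:
    """Drop common separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return re.sub(r"[:\s-]", "", fp).lower()


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_published(der: bytes, published: str) -> bool:
    """True only if the presented certificate hashes to the published fingerprint."""
    expected = normalize(published)
    # A truncated or non-hex value is rejected rather than partially matched.
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        return False
    actual = normalize(sha256_fingerprint(der))
    return hmac.compare_digest(actual, expected)


def fetch_presented_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the server presents, without trusting it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: no application data is sent
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import sys
    # Usage: script.py <hostname> <fingerprint obtained out of band>
    host, published = sys.argv[1], sys.argv[2]
    der = fetch_presented_cert(host)
    print("presented:", sha256_fingerprint(der))
    if matches_published(der, published):
        print("MATCH: this is the certificate the operator published")
    else:
        print("MISMATCH: do not add an exception")
```

A mismatch means the certificate on the wire is not the one the operator published, so the warning should not be bypassed.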