Desktop Authority creates a self-signed certificate during installation but Internet Explorer and Firefox will not see this as a trusted certificate. Therefore the following types of warnings may be seen when loading the DA Manager.
A self-signed certificate is one that is signed and verified legitimate by the creator of the certificate. Desktop Authority defaults to creating and installing its own secure self-signed server certificate during the installation process. However, you can choose to select a certificate that already exists on the server. This may be the case during an upgrade of Desktop Authority. In most cases, it is recommended to allow Desktop Authority to create a self-signed certificate.
Although Desktop Authority can create the self-signed certificate, Internet Explorer and Firefox will not see this as a trusted certificate.
If Internet Explorer Enhanced Security Configuration (IEESC) is enabled, the following dialog will display when the Desktop Authority console is loaded.
Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration.
One of two things can be done to alleviate this message from appearing each time the console is loaded.
Disable IEESC. It must be said that disabling IEESC is not the most secure route to take. IEESC is used to decrease the exposure of your server and eliminate potential attacks that are prone to occur via Web content and application scripts. When using IEESC (is enabled), Internet Explorer uses security zones to buffer out different types of applications. There are four different security zones, Internet, Local intranet, Trusted Sites and Restricted Sites. Each zone has its own security level and this may be configured. Each security level allows more or less restrictions on the web sites being viewed in the browser window. Disabling IEESC bypasses the browsers security zones, hence allowing all sites to be viewed.
Add the Desktop Authority Console to the Trusted sites security zone. By clicking the Add… button on the dialog shown above, the entire Desktop Authority application will be recognized as a trusted site. Following attempts to load the DA Console will go smoothly and no warning will appear.
The Desktop Authority Console can also be added to the Trusted Sites security zone from the Security tab of the Internet Options dialog. Is Desktop Authority was installed to the IIS Default Web Site, use https://servername (servername is the name of the server where IIS is running) for the website to add to the security zone.
Another way to get around this browser warning is to install the Desktop Authority certificate to each computer what will access the DA Manager. Here are the steps you will need to take to accomplish this task:
Load the Desktop Authority Manager. To the right of the Internet Explorer URL bar, you will see a lock icon.
Clicking this will provide a website security report.
From the Security Report (Website Identification), click the View certificates link.
The certificate will be displayed. Here you will be able to install the certificate to a known location so you can find it in the registry.
Click the Install Certificate button.
The Certificate Import Wizard will be loaded. Click Next to continue.
This next page will allow you to select a location to store the certificate. We will choose the Personal certificate store, for the ease of locating the certificate in the registry.
Once the Personal Certificate store is selected, click Next. On the next dialog, click Finish to complete the Import.
Now we will run the MMC (Microsoft Management Console) for certificates. From the Start Menu, select Run and enter "mmc". In mmc, go to File > Add Snap-in to add the certificates snap-in. Add this for both “My user account” and “Computer account.”
Now we will locate the certificate in the Registry. Go to the HKEY_LOCAL_MACHINE or HKEY_LOCAL_USER, then \SOFTWARE\Microsoft\SystemCertificates\My\Certificates. Of the certificates within the key, find the Desktop Authority key. You will see something similar to the following:
Once you find the certificate in the registry, right-click on the key and export it into a reg file.
Now you will use the Desktop Authority Application Launcher profile object to add this registry entry to selected machines. First you must copy the reg file to a share on the network.
Now add a new Application Launcher element to your Desktop Authority profile. Use the following settings:
A similar security warning will also appear when using Desktop Authority in Firefox.
This connection is untrusted
When loading any secure site in Firefox, the security certificate will be reviewed. If there is a problem with the certificate, the “The Connection is Untrusted” dialog will be displayed. This does not necessarily mean that there is a problem with the site you are trying to load, but it serves as a warning that Firefox could not establish the identity of the website. All self-signed certificates are automatically not trusted.
To alleviate this message in Firefox, the Desktop Authority console must be added as an exception. Simply click the Add Exception… button in the dialog shown above.
This will then add the Desktop Authority console to the exception list. Click Confirm Security Exception to save it.
May 14, 2018
Self-signed certificate, security certificate, trusted site, This connection is untrusted, Content from the website listed below is being blocked by Internet Explorer Enhanced Security Configuration
Related Articles or Solutions:
This article will be Public