[THIN] OT - change IE 7's annoying SSL certificate alert
- From: "TSguy92 Lan" <tsguy92@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Mon, 31 Dec 2007 11:45:43 -0800
I've been a way to get rid of IE 7.0's special error page it displays
whenever you browse to a website that has an SSL certificate it doesn't
recognize for a long time now.
The modification suggested here:
http://ie7triage.spaces.live.com/default.aspx, works like a champ in testing
so far, and reverts IE 7's certificate warnings to the manner in which IE
6.0 behaved.
As the guys who found this lovely modification note:
"IEPEERS opinion is a user should not be navigating to public websites that
have inconsistent certificate information and manipulation of the mentioned
registry value is not recommended."
If you're like me, and you do administration on a number of network devices
with built in SSL certs which aren't "trusted" natively by IE, this is a
very handy workaround to get past IE 7.0's warning page.
One last note, the reg key type to create is note mentioned in the article,
it is a DWORD. Much kudo's to these guys for tracking this down.
- Lan
From the site:
*
**IE7: Restoring the IE6 Certificate Security Alert
dialog*<http://ie7triage.spaces.live.com/blog/cns!3B6634EF5458F389!507.entry>
With Internet Explorer 6.0 one could view the certificate information prior
to actually navigating to a secure site if there was a problem or
inconsistent information within the certificate.
With Internet Explorer 7.0 a new feature was implemented that presents a
higher level of visibility to the user for certificate mismatch. The new
feature is covered in a previous post, IE7 Security: Warn about certificate
address
mismatch<http://ie7triage.spaces.live.com/Blog/cns!3B6634EF5458F389!205.entry>
If one elects to at their own risk can use the following registry value to
enable the older style Internet Explorer 6.0 behavior will be used to warn
the user of a certificate that contains inconsistencies.
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SSLUX
NOTE: You must create a new key called FEATURE_SSLUX. Under the
FEATURE_SSLUX key you can add the following.
Name: iexplore.exe
Note: Just the iexplore.exe process will use the key. If you want all
processes to use the key you can replace iexplore.exe with *.
Value: 0 (Internet Explorer 6.0 Behavior) or 1 (Internet Explorer 7.0Behavior)
The feature control registry value was found using REGMON during a review of
various registry values read during the load of a secure web page.
This is what the dialog will look like when one visits a site that utilizes
a certificate with inconstant information if the above mentioned registry
key is enabled for Internet Explorer 7.0.
<http://byfiles.storage.msn.com/y1pdWbuDcXY1skF0ikuQFwS_LdM8gjm8xo6sVAgtNkxKjAJdtspDv9_novMDRe3bxFj4QjoG4fYaLg>
YES: The page loads normally
NO: The normal Internet Explorer 7.0 security page loads warning about the
certificate.
View Certificate: One can inspect the certificate prior to selecting YES or
NO.
If YES is selected the Lock Icon that no one actually looked at in the
status bar at the bottom of the window appears. You are still given the RED
address bar letting the user visually see that the certificate utilized to
establish the secure session does have inconsistent information.
Other related posts:
- » [THIN] OT - change IE 7's annoying SSL certificate alert
