As an admin in our organization I wanted to add two "Add Exception..." so end users do not have to get a certificate warning and click through to two places. One is a con… (read more)
As an admin in our organization I wanted to add two "Add Exception..." so end users do not have to get a certificate warning and click through to two places.
One is a connection to a systray service, the url is https://127.0.0.1:51763 and to test and validate this service for the web application, one must first click test in the app, then click Advanced and Add Exception on the "Your connection is not secure" page. The second is https://tablet.sigwebtablet.com:47290/SigWeb/ which has a Thawte certificate on it, but still requires clicking through.
This is for an in house financial operating system. The vendor did place our wildcard cert on the main page which works, its just these two service test URLs cause an issue, and since we do not own these certificates, we cannot re-sign them with a trusted Subject Alternative Name.
If I can do this with Firefox CCK or Group Policy, that would be fine. We do have Firefox trust our Windows Certificate store, so maybe there is something we can do already in Group Policy and Windows Certificates? I'm not sure because the cert at 127.0.0.1 is signed by corelation.local and there are NO SAN names on it, so even trying to use GPO's to import it to the Computers Trusted Root Certificates may not be enough.