Hi,

I am attempting to host a web app from IIS (Window XP), but whenever I change the DNS from http://localhost/Default.aspx to https://localhost/Default.aspx I get the following error message.

*********

Certificate Error: Navigation Blocked

There is a problem with this website's security certificate

The security certificate presented by this website was not issued by a trusted certificate authority.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

*********

I've download the IIS Resources kit and run selfssl.exe also but it does not resolve the problem.

Thanks,

Andrew

Did you add the certificate as a trusted certificate?   In IE go to Tools -> Internet Options -> Content -> Certificates.   From there I think you can add the certificate to the Trust lest.  Also if you run selfssl.exe with the  /T option it will automatically setup the cert as trusted. 

How do you add a certificate to your own localhost as a trusted site?

I've done selfssl.exe /T twice and it didn't help.

I've got "my computer name" as the "Issued To" plus "Issued By" under Trusted Root Certification Authorites, is that enough?

Hi

Here is some quotes from MSDN article might explain the problem

Because SelfSSL.exe generates a self-signed certificate that does not originate from a commonly trusted source, use this tool only when you need to troubleshoot third-party certificate problems or when you need to create a secure private channel between your server and a limited,

I've toyed around with SelfSSL and with makecert.exe and did the following things

1: To use https://localhost/Default.aspx you need to specify /n:CN=localhost when you generate a self-signed certificate

2. I've added a certificate store with two accounts,"Current User" and "Local Computer", running mmc.exe Snap-ins, and saved the the management console as a .msc file.

3. I went into IIS6 and removed older certificates I've created using /n:CN=my computer name

4. I ran >makecert.exe -r -pe -n "CN=localhost" -ss my -sr currentuser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" - sy 12 localhost and it generates an untrusted certificate ("localhost") under the Current User account personal folder. 

5. I ran >selfssl.exe /T /n:CN=localhost again and this time it generates a trusted certificate (also called "localhost") under the Local Computer account personal folder.

6. I went to IIS6 -> Properties -> Directory Security tab and saw a copy of trusted certificate named "localhost".

7. I went to IE7 -> Tools -> Internet Options -> Contents -> Certificates and verified that "localhost" under Local Computer account is added to Trusted Root Certificate Authorities tab and untrusted "localhost" under Current User is added to Personal tab.

8. I tried running https://localhost/Default.aspx yesterday after making all the changes and I still got the same error messages, so I thought https://localhost requires the certificate from the Current User account.  However earlier today I just ran it again it works and IIS suddenly now allows the client to communicate via SSL to the server?

9. Regardless of which copy of localhost certificate IIS6 fetches from, how do I add the Current User account personal certificate to the Trusted Authorities store?

Thanks!