There is a problem with this website's security certificate when logging into Xenta web server using Internet Explorer 8

Issue

When logging into Xenta server using Internet Explorer 8 a certificate error is displayed as displayed below:

Navigation Blocked

  • When logging into the web server of a Xenta controller using Internet Explorer 8 an error message is shown stating that there is a problem with the website's security certificate.

The error reads:

There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information

  • How to install a self signed certificate.

Product Line

TAC I/NET, TAC Vista, Satchwell MicroNet

Environment

  • Internet Explorer 8
  • Xenta 511, Xenta 527, Xenta 555, Xenta 701, Xenta 711, Xenta 721, Xenta 731, Xenta 913
  • SSL

Cause

The default certificate in the Xenta web server is a self-signed certificate. Since the certificate is not issued by a recognized Certificate Authority the web browser (in this case Internet Explorer 8) cannot validate the authenticity of the certificate and suggests that the user not continue to the website each time the user tries to access it.

Resolution

1. Click "Continue to Website" to continue to the screen shown below. Click on "Certificate Error" which is found on the right side of the address bar at the top.

Continue To Website

 2. A dialog similar to the one below will open. Click "View certificates".

Mismatched Address

3. The certificate dialog will appear. Click "Install Certificate".

View Certificate

 4. The Certificate Import Wizard will open. Click Next.

Certificate Import Wizard

 5. Allow Windows to automatically select where to store the certificate.

Certificate Import Wizard

 6. Proceed to Finish the Certificate Import Wizard.

Certificate Import Wizard

 7. A notification appears indicating that the certificate was imported successfully. Restart Internet Explorer for the change to take effect.

The import was successful.

Note: The certificate will need to be installed in each client computer that accesses the Xenta server but once this complete it does not need to be done again. The exception to this is if the web address of the Xenta server is changed or if Internet Explorer is uninstalled then reinstalled.

The alternative is that a certificate issued by a Certificate Authority (CA) may be purchased. These certificates are pre-installed into the web browser and will automatically prevent certificate errors from occurring on all client computers that access the web server. Note that these can be quite expensive and unless the Xenta web server is being hosted on the internet they are not necessary.

As of July 26, 2011 SSL certificates could be obtained for $99/year at the below link. Note, however, that these have not been tested or endorsed.

https://www.dyndns.com/services/sslcert/

See Lessons Learned #5010 for information on installing certificates into Firefox.

Update: Starting in September 2014, all major browsers will be disabling 1024-bit roots within their trusted roots stores. Any SSL certificates chained to a 1024-bit root will no longer work on any browsers that takes this action or one that relies on another’s root store (the self-signed certificate is 1024-bit). This means that you will still get the security warning even if you have installed the self-signed certificate.