Craig, isn't the green banner triggered by an EV (Extended Validation) cert? We have a few but I was not involved in the purchasing end. It is my understanding that EV certs are considerably more expensive than a traditional basic cert. A basic cert will still show the lock icon in the browser but will not change the banner color. I think we'll see things move more and more to EV certs but if budget is a concern they should be able to get a basic cert from a well recognized issuer (Verisign) to get rid of the warning message.
Craig touched on another (free) option; to have a cert issued/signed by an internal CA (Certificate Authority) that is trusted by all of computer on the domain. For example all the computers on our AD domain automatically trust one of our Domain Controllers as a CA. For some of our internal support sites we use certs issued/signed by this CA to give us the security of SSL. This works well because we do not have to worry about machines outside of our internal environment accessing these pages. Worst case if a machine not on the domain accesses the page they will receive the warning that Rajesh described and can click through it. <personal note> In general it is probably a bad practice to educate users to ignore the certificate warning (although business must go on and may be the only choice). These warnings are there for a reason and conditioning people who may not be all too Net savvy to ignore them could lead them to trouble out on the big bad Net when confronted with sites like https: //amaz0n.com or https: //b0fa.com ((note the letter "O" replaced with a zero) (intentional space between "https:" and "//")) </personal note> Jason On Mon, Jan 3, 2011 at 7:10 AM, Craig Carter < [email protected]> wrote: > ** > The problem you are seeing is with the Enhanced Security added in IE8. If > you click through the warnings, everything will still work fine. It can be > a problem though if you have customers who believe the message and refuse to > click through the warnings. > > We've always run a secure site (https) and we ran into this when IE8 was > released. IE7 had a simliar problem but was not nearly as noticeable and > "in your face" with the messages. > > The problem is that Microsoft IE8 does not automatically accept all secure > certificates as "authenticated" and will present that warning. If you > have a controlled user population, you can simply add your certificate > issuing authority as a trusted certificate authority in their browser > configuration (for IE8) and the problem will go away. However, if you are > not able to do that, your only real choices are to either educate your users > or purchase certificates that are automatically accepted (like Verisign). > We took the second route and although not cheap, you then get the nice green > banner versus the red one and the problem goes away. > > This is not a BMC/Remedy problem or an HTTPS problem--it's increased > security added to that browser. The only thing you can do is to use a > certificate issued by an authority Microsoft has deemed worthy or add your > own issuing authority to all of their browsers. > > Craig Carter > RSP > > > ------------------------------ > *From:* Action Request System discussion list(ARSList) [ > [email protected]] On Behalf Of Ali A. Musa [[email protected]] > *Sent:* Monday, January 03, 2011 6:36 AM > > *To:* [email protected] > *Subject:* Re: IS I.E 8.0 Compatible ? > > ** > > This implementation has been working for 7-years and I have upgrade to many > IE 6,7,8 and none ha scaused a problem, unless you mean https:// the > secure which I did not deploy. > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Nair, Rajesh SISPL > *Sent:* Monday, January 03, 2011 3:41 PM > *To:* [email protected] > *Subject:* Re: IS I.E 8.0 Compatible ? > > ** > > Is their any setting you have done on IE Side.. > > With Best Regards > > *Rajesh * > ------------------------------ > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Ali A. Musa > *Sent:* Monday, January 03, 2011 6:10 PM > *To:* [email protected] > *Subject:* Re: IS I.E 8.0 Compatible ? > > Its working fine with me our environment, client IE8 and Mid-tier 6.3 with > jsp-engine using IIS. > > *From:* Action Request System discussion list(ARSList) [mailto: > [email protected]] *On Behalf Of *Nair, Rajesh SISPL > *Sent:* Monday, January 03, 2011 3:25 PM > *To:* [email protected] > *Subject:* IS I.E 8.0 Compatible ? > > ** > > Dear List, > > need to know whether IE is compatible to run with ARSYTEM 6.3 with Midtier > 6.3 > > Our Organization is made a mandate of using IE 8 on every system and while > testing I found out that I am getting an error every time I open the link. > > > There is a problem with this website's security certificate. > > > > > > The security certificate presented by this website was issued for a > different website's address. > Security certificate problems may indicate an attempt to fool you or > intercept any data you send to the server. > > > We recommend that you close this webpage and do not continue to this > website. > > > > We are on ARSYTEM 6.3 patch 23 ITSM 5.5 and Midtier server V 6.3 patch 24 > > Note: Site work with Server Certificate https: > > Any way out of this. > > With Best Regards > > *Rajesh* > > ** > > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"__attend > WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
