Friday, August 20, 2010

IE 8 Certificate error and trusted sites grayed out

The problem happened after users started using Windows 7 and IE 8. Some users complained that they cannot access some secure websites especially Self-Signed Certificate websites. With Windows XP and IE 7, they could bypass the Self signed Certificate warning by just clicking the "Continue to this website (not recommended)" link. But now, the link doesn't show up anymore, the only option is "Click here to close this webpage". In addition, the local and trusted sites are grayed out. You can't even add sites to these zones.


After spent hours searching in Google, I was still no lucky. I’ve tried all the solutions that posted online:

1. Clear the boxes for: "Check for publisher's certificate revocation" and "Check for server certificate revocation” in IE security setting.

2. Update for Root Certificates from Microsoft Website.

3. Import the website certificate to trusted root certificates.

4. Modify the Registry key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"Flags"=dword:00000047

Unfortunately none of the above solutions worked for me. I thought I must miss something. Then I realized I might need to look at the local group policy. I didn't consider the group policy because only some computers had the problem, the others were working fine, and they are in the same OU and have the same global group policy.

After I dug into the local group policy, I finally solved the problem:

1. Close all the IE windows.
2. Run gpedit.msc
3. Navigate to User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer ->Internet Control Panel
4. Set “Prevent ignoring Certificate errors” to “Disabled”. Now the “Continue to this website (not recommended)” Link should show up.
5. Navigate to User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer ->Internet Control Panel -> Security Page
6. Set “Site to Zone Assignment list” to “Disabled”. This will allow you to modify the trusted list.
7. Open your IE and enjoy the freedom.

1 comment:

  1. Thanks Andy, it worked as you mentioned and saved me a lot of time.

    ReplyDelete