I have Installed charles and installed the charles CA SSL certificates as per help menu, with success confirmation.
BUt as I try to open any url with charles running, I am continuously getting an pop-up error
of "certificate file does not exist".
Can some one please help me on how do I workaround the issue and still work with charles successfully.
I was getting the same error. It's not related to your CA cert, it's a different thing, related to your client certs.
In charles, go to the Proxy menu and choose "Client SSL Certificates"
For some reason I had a mapping from . to blank/nothing. Maybe you do too. If so, remove all your mappings here and it will probably fix it.
WINDOWS / INTERNET EXPLORER
In Charles go to the Help menu and choose "Install Charles CA SSL Certificate". A window will appear warning you that the CA Root certificate is not trusted.
Click the "Install Certificate" button to launch the Certificate Import Wizard. The certificate must be imported into the "Trusted Root Certification Authorities" certificate store, so override the automatic certificate store selection.
You will be asked to confirm the certificate thumbprint, it should read:
189B6E28 D1635F3A 8325E1E0 02180DBA 2C02C241
Complete the wizard and the CA SSL certificate is now installed. You may need to restart IE before the installation takes affect.
(Windows) Since no one has said what fixed this for me-
After I followed along installing for windows I was getting this error. Make sure in the Proxy Settings under the SSL tab that use a custom CA certificate is NOT checked. Mine was, and this fixed the issue for me.
I had the same issue today. The problem was under Client Certs and it mapped * to where the C:\Downloads\charles.msi for some reason. Removed that and it was all good.
We use self signed certificates on our intranet. What do I need to do to get Internet Explorer 8 to accept them without showing an error message to the user? What we did for Internet Explorer 7 apparently isn't working.
EDIT: Internet Explorer 7 wouldn't show any errors if I put the certificate into trusted root certification authorities. Internet Explorer 8 seems to show errors even with the certificate there.
How to make IE8 trust a self-signed certificate in 20 irritating steps
Browse to the site whose certificate you want to trust.
When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).”
Select Tools➞Internet Options.
Select Security➞Trusted sites➞Sites.
Confirm the URL matches, and click “Add” then “Close”.
Close the “Internet Options” dialog box with either “OK” or “Cancel”.
Refresh the current page.
When told “There is a problem with this website's security certificate.”, choose “Continue to this website (not recommended).”
Click on “Certificate Error” at the right of the address bar and select “View certificates”.
Click on “Install Certificate...”, then in the wizard, click “Next”.
On the next page select “Place all certificates in the following store”.
Click “Browse”, select “Trusted Root Certification Authorities”, and click “OK”.
Back in the wizard, click “Next”, then “Finish”.
If you get a “Security Warning” message box, click “Yes”.
Dismiss the message box with “OK”.
Select Tools➞Internet Options.
Select Security➞Trusted sites➞Sites.
Select the URL you just added, click “Remove”, then “Close”.
Now shut down all running instances of IE, and start up IE again.
The site’s certificate should now be trusted.
I got it working like this
Start Internet Explorer running as a user with administrative privileges.
Browse to server computer using the
computer name (ignore certificate
warnings)
Click the ”Certificate Error” text
in the top of the screen and select
”View certificates”
In the Certificate dialog, click
Install Certificate -> Next
Select Place all certificates in the
following store -> Browse
Check Show Physical Stores check box
Select Trusted Root Certificate
Authorities – Local Computer
Click OK – Next – Finish – OK
Restart Internet Explorer
I have tried lots and lots of steps from different people posted on different websites.
But none of them mention that I should add the certificate into the Trusted People keystore.
That's right, placing it under trusted CA is not enough for my case, I have to put the certs inside the Trusted People also.
That's:
Run MMC
Add Certificate Snap-in choose Local Computer
Expand Certificates(Local Computer) -> Trusted People -> Certificates
Right click All Task -> Import
Finish the wizard
To export the certificate:
Run IE as admin (right click, run as admin)
When prompted invalid cert, go ahead visit the website anyway
Click the certificate error near the address, click view certificate
Go to Details tab, click Copy To file
Save as *.cer file.
I'm on IE9, Windows 7
Make sure that your self-signed certificate matches your site URL. If it does not, you will continue to get a certificate error even after explicitly trusting the certificate in Internet Explorer 8 (I don't have Internet Explorer 7, but Firefox will trust the certificate regardless of a URL mismatch).
If this is the problem, the red "Certificate Error" box in Internet Explorer 8 will show "Mismatched Address" as the error after you add your certificate. Also, "View Certificates" has an Issued to: label which shows what URL the certificate is valid against.
If you're getting an address mismatch error, just allow address mismatches:
Tools and select Internet Options
select the Advanced tab
Scroll down and uncheck Warn about certificate address mismatch
Man, today I've spent a few hours fighting this problem. No matter what I did in the IE 8, the problem remained. The certificate installed by the IE appears in the Trusted Root Certification Authorities of the client PC, however the IE still complains no matter what.
Here's the solution I've discovered:
On the web server:
Win+R, MMC, Enter.
File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account,
Finish, OK.
Navigate to "Certificates - current user / Trusted Root Certification Authorities / Certificates".
Find your certificate, right-click, All tasks / Export.
"No, don't export the private key"
"DER Encoded binary X.509 (.CER)"
Save the file somewhere.
Transfer the newly created .CER file to the client PC.
On the client machine:
Win+R, MMC, Enter.
File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account,
Finish, OK.
Navigate to "Certificates - current user / Trusted Root Certification Authorities / Certificates".
Right-click on Certificates container, All tasks / Import
Choose your .CER file you've transferred from the server machine.
On the next screen, choose "Place all certificates in the following store", click "Browse", check "Show physical stores", then choose "Trusted Root Certification Authorities / Local Computer".
Press "Finish" finally.
In Internet Explorer: Tools - Delete browsing History,
In Internet Explorer: Tools - Internet options - "Content" tab - Clear SSL state button.
Here is how I got it to work in IE8:
Go to the website in question, https://xxx.yyy.com, for instance,
Click through until you get to the Certificate error in the browser status line.
View the cert, then from the Details tab, select Copy to File.
Save to the desktop as xxx.cer, for example,
Start, Run, MMC.
File, Add/Remove Snap-In,
Select Certificates, Click Add, My User Account, then Finish, then OK,
Dig down to Trust Root Certification Authorities, Certificates,
Right-Click Certificate, Select All Tasks, Import,
Select the Save Cert from the Desktop
Select Place all Certificates in the following Store, Click Browse,
Check the Box that says Show Physical Stores, Expand out Trusted Root Certification Authorities, and select Local Computer there, click OK, Complete the Import,
Check the list to make sure it shows up. You will probably need to Refresh before you see it. Exit MMC,
Open Browser, select Tools, Delete Browsing History
Select all but Inprivate Filtering Data, complete,
Go to Internet Options, Content Tab, Clear SSL State,
Close browser and reopen and test.
You should install your certificate as a trusted authority on your computer.
There are numerous way to do that, for exampe you could use mmc (start/run/mmc), add the Certificates Snap-In, and from there you can install your self-signed certificate.
There's no way around that because the whole point of certificates is to warn the user if the website he's visiting has not been certified by a trusted authority.
It's not enough to install the certificate itself, instead you need to install the root certificate of your certification authority. Say if you use Win Server's Certificate Services, its root certificate which was created when CS was installed on that server is the one to be installed. It must be installed to the "Trusted Root Certification Authorities" as described earlier.
This may help someone I am on IE11 windows 7 and what I did In addition to install the certificate is Going to internet options ==> advance tab == > security ==> "remove the check " from warn about certificate address mismatch in addition to below - dont forget to close All IE instances and restart- after finishing :
1-Start Internet Explorer running .
2-Browse to server computer using the computer name (ignore certificate warnings)
3-Click the ”Certificate Error” text in the top of the screen and select ”View certificates”
4-In the Certificate dialog, click Install Certificate -> Next
5-Select Place all certificates in the following store -> Browse
6-Install to the trusted root Certification ..
then restart .
Hope this help someone .
You can use GPO to use the certificate within the domain.
But my problem is with Internet Explorer 8, that even with the certificate in the trusted root certification store... it still won't say it's a trusted site.
With this and the driver signing that needs to be done now... I'm starting to wonder who owns my computer!
Unfortunately none of the solutions worked for me. I used Internet Explorer 8 on Windows 7. When I was looking for a solution, I found the settings about login information in the control panel. So I added a new entry under the certificate based information with the address of my server and I chose my prefered certificate.
After a clear of the SSL cache in Internet Explorer 8 I just refreshed the site and the right certificate was sent to the server.
This isn't the solution which I wanted, but it works.
As everyone else has mentioned, the first task is to add the certificate to the Trusted Root Authority.
There is a custom exe (selfssl.exe) which will create a certificate and allow you to specify the Issued to: value (the URL).
This means Internet explorer will validate the issued to url with the custom intranet url.
Make sure you restart Internet Explorer to refresh changes.
It doesn't look like it's possible to not have the certificate error any more. I'm on Windows XP with IE 8. Group Policy had installed a self-signed certificate as a trusted root certificate for access to an internal site. When I look at MMC with the certificate snap-in I can see the certificate there OK.
When I look at:
Internet Options => Content => certificates
It isn't there!
This behaviour in IE started since our admins let loose with the last lot of Patch-Tuesday updates which installed on my machine on 10th Dec 2009. Prior to that it was quite happy to accept the certificate as valid.
I had the same issue while working with web services. Here Microsoft has a (long) walk-thru showing you how to install stuff on the client to basically say that your self-signed cert is ok. In the end, I just spent the $30 and bought a full certificate from Godaddy.com.
P.S. I know that you can code around the error message but we didn't want to do that for testing reasons.
What were you doing before? For self-signed certificates, I would normally install the certificate locally on the client system.
You may be able to use Group Policy to push a certificate to every system.
You need to make sure that the Self Signed Certificate uses the correct common name for the domain you are setting up. If you are going to use the same certificate for multiple domains you need to either have a unique certificate for each domain, or if all of your ssl sites are subdomains of a common domain, then you can generate a certificate with a wildcard domain like *.domainname.tld.
If you don't set up your common name correctly in your self signed certificate then Chrome and Firefox may work, but IE might not be able to find the certificate when you load the site each time. In IE it will appear like you have added the site's cert but in fact on page load it will never be found.
how to set up SSL for Apache for a Mac so I can test Cross Domain iFrame on IE8
How to install the CA Root Cert, and not the Website Cert: (IE8, Win7)
When you bring up the certificate details you are looking at the website cert, and not the CA cert. The General tab will say, "This certificate cannot be verified..." You need to select the CA by clicking on the Certification Path tab, and selecting the top most cert in the path. It should have a red X icon, and should say, "This CA Root certificate is not trusted because..." Click the View Certificate button, and on this new General tab you should see, "This CA Root is not trusted..." This is the certificate that you want to import into the Trusted Root Certificate Authority.
Once you have imported the CA, you do not need to import the regular website cert. That cert will get matched up to the CA you just imported, and IE will treat everything as working normally. You do not need to run IE as Admin, and you do not need to add the site to trusted sites first. You do need to restart IE after the import.
I tried all mentioned solutions but none of them worked. Using Internet Explorer 11 (11.0.9600.17914), there was no way of accepting invalid certificates as the error looked exactly as an 404.
What helped was the following:
- add host to trusted sites (as mentioned a couple of times here)
- disable TLS 1.2 and enable SSL 1.0 & SSL 2.0
The last step is something you should ONLY DO if you know what you're doing. We need to use a pretty strange setup here at work, thus we couldn't find another way of getting access to the system. Usually, downgrading security like that should not be done.
If you are doing some local testing and that you add some alias in the hosts files say
127.0.0.1 www.mysite.com
and try to use any of the above procedures you will fail. The reason is that you will import a certificate for localhost. The certificate URL won't match.
In that situation you will have to generate a self-signed certificate and THEN import it as described above.
If you are using Xampp the generation of the correct certificate can be done easily using
c:\xampp\apache\makecert.bat
You can use CertMgr to add a certificate as a trusted publisher or if it is self-signed, as a root certificate
CertMgr.exe /add CertificateFileName.cer /s /r localMachine root
See Microsoft's documentation here:
https://learn.microsoft.com/en-us/windows-hardware/drivers/install/using-certmgr-to-install-test-certificates-on-a-test-computer