如何安装CA根证书，而不是网站证书:(IE8, Win7)

When you bring up the certificate details you are looking at the website cert, and not the CA cert. The General tab will say, "This certificate cannot be verified..." You need to select the CA by clicking on the Certification Path tab, and selecting the top most cert in the path. It should have a red X icon, and should say, "This CA Root certificate is not trusted because..." Click the View Certificate button, and on this new General tab you should see, "This CA Root is not trusted..." This is the certificate that you want to import into the Trusted Root Certificate Authority.

一旦您导入了CA，您就不需要再导入常规的网站证书，该证书将与您刚刚导入的CA匹配，IE会将一切视为正常工作。您不需要以管理员身份运行IE，也不需要先将站点添加到可信站点。导入完成后需要重新启动IE。

我让它这样工作

Start Internet Explorer running as a user with administrative privileges. Browse to server computer using the computer name (ignore certificate warnings) Click the ”Certificate Error” text in the top of the screen and select ”View certificates” In the Certificate dialog, click Install Certificate -> Next Select Place all certificates in the following store -> Browse Check Show Physical Stores check box Select Trusted Root Certificate Authorities – Local Computer Click OK – Next – Finish – OK Restart Internet Explorer

下面是我如何让它在IE8中工作的:

Go to the website in question, https://xxx.yyy.com, for instance, Click through until you get to the Certificate error in the browser status line. View the cert, then from the Details tab, select Copy to File. Save to the desktop as xxx.cer, for example, Start, Run, MMC. File, Add/Remove Snap-In, Select Certificates, Click Add, My User Account, then Finish, then OK, Dig down to Trust Root Certification Authorities, Certificates, Right-Click Certificate, Select All Tasks, Import, Select the Save Cert from the Desktop Select Place all Certificates in the following Store, Click Browse, Check the Box that says Show Physical Stores, Expand out Trusted Root Certification Authorities, and select Local Computer there, click OK, Complete the Import, Check the list to make sure it shows up. You will probably need to Refresh before you see it. Exit MMC, Open Browser, select Tools, Delete Browsing History Select all but Inprivate Filtering Data, complete, Go to Internet Options, Content Tab, Clear SSL State, Close browser and reopen and test.

您应该将证书作为受信任的权威安装在计算机上。

有许多方法可以做到这一点，例如，您可以使用mmc (start/run/mmc)，添加证书管理单元，然后从那里安装自签名证书。

这是没有办法的，因为证书的全部意义是警告用户，如果他正在访问的网站没有经过可信的权威机构的认证。

伙计，今天我花了几个小时来解决这个问题。无论我在IE 8中做了什么，问题仍然存在。IE安装的证书出现在客户端PC的“受信任的根证书颁发机构”中，但IE仍然报错。

以下是我发现的解决方案:

在web服务器上:

Win+R, MMC，回车。 文件，添加-删除管理单元，证书，添加，管理证书:我的用户帐户， 完成。 导航到“证书-当前用户/受信任的根证书颁发机构/证书”。 找到您的证书，右键单击All tasks / Export。 不，不要导出私钥 "DER编码二进制X.509 (.CER)" 将文件保存在某个地方。 将新创建的. cer文件传输到客户端PC上。

在客户端机器上:

Win+R, MMC, Enter. File, Add-Remove snap-in, Certificates, Add, Manage certificates for: my user account, Finish, OK. Navigate to "Certificates - current user / Trusted Root Certification Authorities / Certificates". Right-click on Certificates container, All tasks / Import Choose your .CER file you've transferred from the server machine. On the next screen, choose "Place all certificates in the following store", click "Browse", check "Show physical stores", then choose "Trusted Root Certification Authorities / Local Computer". Press "Finish" finally. In Internet Explorer: Tools - Delete browsing History, In Internet Explorer: Tools - Internet options - "Content" tab - Clear SSL state button.

我在使用web服务时也遇到了同样的问题。在这里，微软有一个(很长的)演示，告诉您如何在客户端安装东西，基本上说您的自签名证书是可以的。最后，我花了30美元，从Godaddy.com上买了一个完整的证书。

附注:我知道你可以编写错误消息，但出于测试原因，我们不想这样做。