This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 14.000000000000002%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECA%3C/text%3E%3C/svg%3E)
Hello, I have created a self signed certificate for our portals with a wildcard in IIS/Windows 2019. For example *.XXX.internal. I have also installed it in the security store on the server. The problem is, it is not recognized by the workstations unless it is installed on the workstation. Is there something I have done wrong? How do you install on the server so it doesn't have to be installed on all workstations?
You do need valid certificates from valid CAs, either internal ones from solutions like Active Directory, or external from DigiCert or others.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 70%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYD%3C/text%3E%3C/svg%3E)
Hi @Chris A,
A self-signed SSL certificate is a digital certificate signed by the website administrator himself, rather than a certificate issued by a trusted organization such as Symantec or Let's Encrypt. Compared with SSL certificates issued by public trust organizations, self-signed SSL certificates lack credibility and have weak security.
Self-signed SSL certificates have not been audited by a trusted authority, so client browsers cannot verify the trust of the certificate. This means that if a user visits a website that uses a self-signed SSL certificate, they will see a security warning and need to manually trust the certificate in order to access the website.
If you have a web server on your internal network that only employees within the company need to access, you can use a self-signed SSL certificate to provide security. Since your company employees' devices are on the company's internal network, you can install self-signed certificates on these devices in advance so they can access your website securely.
But for public websites, it's best to consider using a public SSL certificate issued by a trusted third party, such as Let's Encrypt, DigiCert, or another SSL Certificate Authority (CA). Such certificates are widely trusted, reducing security risks.
Also note that self-signed certificates are intended primarily for development and testing purposes and are not recommended for use in production environments. In a production environment, using a trusted SSL certificate is a more secure option.
Hi @Chris A,
Is your problem solved? Any progress on this issue? Looking forward to your reply, thank you!
Thank you for your well thought out response and time. I understand what you are saying and all computers are on internal network. So now I ask, why the error? How to diagnose? What would be the next steps in diagnosing?
When an internal device, such as a company employee's computer, attempts to connect to a web server secured with a self-signed certificate, browsers often display a security warning or error indicating that the certificate is not trusted. So you need to install a self-signed certificate on your internal device so that the browser can recognize and trust it. If you don't want to manually install the certificate on each device, you may consider using other methods to ensure a secure connection, such as setting up a dedicated Certificate Authority (CA) on your company's network, or using another trusted Certificate Authority certificate.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Self signed certificates are not trusted, because the signing authority, is not installed on the devices. The only way to trust a self signed certificate is to install as trusted on every device that uses it. There is no way around this.
you can use group policies to install a certificate if the workstations are all managed.