Internet Explorer displays an "untrusted certificate" error when browsing to WebVision - WKB2489

SYMPTOMS

• When browsing to SDMS WebVision, IE displays an error message indicating that a certificate is not trusted

ENVIRONMENT

• NuGenesis 9 SDMS
• NuGenesis 8 SDMS SR2

CAUSE

The SSL certificate used by the SDMS Web server does not pass Internet Explorer's validation checks.

FIX or WORKAROUND

Each SDMS Web server must have a valid certificate assigned to it in Microsoft IIS. The certificate must be:

• Issued by a Certificate Authority (CA); OR, a self-signed certificate that is pushed to the Trusted Root Certificate authorities store on all client machines
• Issued by a CA that the client can access, whether managed internally or by a third-party company
• Valid for the current time period
• Issued to the server's fully qualified domain name

If the "issued to" field in the certificate does not match the server name as entered into the URL, IE will not trust the certificate. In most cases, the "issued to" name must be the server's fully qualified name, and the server name in the URL must be the fully qualified name. If the SDMS servers are load-balanced and share a common name, the certificate must be issued to the name of the load balancer, and added to IIS for each SDMS Web server in the pool.

Waters does not issue certificates for NuGenesis Web servers.

ADDITIONAL INFORMATION

To add a certificate to IIS or to add an SSL certificate to the HTTPS binding, see the article How to configure a NuGenesis web server for HTTPS.