How do I get rid of 'Invalid Certificate' Error in IE7?

You can tell IE7 to accept the "faulty" certificate permanently:

1. Click on the box to the right of the web address, which has "Certificate Error" in it.
2. In the Untrusted Certificate box, click on View Certificates at the bottom.
3. Click on the General tab and then click on Install Certificate
4. At the Welcome to the Certificate Import Wizard, click Next
5. With "Automatically select the certificate store based on the type of certificate" selected, click Next
6. At the "Completing the Certificate Import Wizard" click Finish.
7. You should see the Certificate Import Box, which should say "The import was successful". Click OK.
8. Click OK to clear the Certificate Import Wizard.

Now you have a permanent security certificate exception in IE7, so when the "faulty" certificate is presented to IE7, it knows that you accept in anyway by default.

Kind regards,
Dunc.

Thanks for the clear instructions, I've tried the described process previously, and again after reading your post but continue to get the error.
Not sure what else to try or what I've got set incorrectly.

I had the same problem until I created the cert with the same internet domain name that I was using to access the box. I had previously used the 192.168.1.2 ip address and continued to get the error when accessing the box through my address at dyndns.org. Once I used my dyndns.org domain name to issue the cert, everything was fine.

I hope this helps.

Thanks; got a reply in another forum that suggested the same resolution, and it worked.
Seems simple once you find the answer.

Thanks for your input.

prchrist wrote:
Thanks; got a reply in another forum that suggested the same resolution, and it worked. Seems simple once you find the answer. Thanks for your input.

Hello folks, I am a new ReadyNAS DUO user and am having same problem using Windows Vista with IE8. I cannot add the certificate to the trusted certificates zone because when I click on the red certificate error bar and it shows the certificate details, all the options to perform any actions on it are greyed out! All I can do is view the info on the certificate, but nothing I see allows me to click "add" certificate to be trusted. The certificate name is simply the ip address of my ReadyNAS DUO unit. Should I rename and regenerate the certificate with a text name of say my registered dynorg.org hostname? Or is there a way to import the certificate from the ReadyNAS DUO? Where is the generated certificate stored such that I can point IE8 browser there to fetch it and install it into the trusted certificates zone?

Infobits wrote:

prchrist wrote: Thanks; got a reply in another forum that suggested the same resolution, and it worked. Seems simple once you find the answer. Thanks for your input. Hello folks, I am a new ReadyNAS DUO user and am having same problem using Windows Vista with IE8. I cannot add the certificate to the trusted certificates zone because when I click on the red certificate error bar and it shows the certificate details, all the options to perform any actions on it are greyed out! All I can do is view the info on the certificate, but nothing I see allows me to click "add" certificate to be trusted. The certificate name is simply the ip address of my ReadyNAS DUO unit. Should I rename and regenerate the certificate with a text name of say my registered dynorg.org hostname? Or is there a way to import the certificate from the ReadyNAS DUO? Where is the generated certificate stored such that I can point IE8 browser there to fetch it and install it into the trusted certificates zone?

Well being no one has answered this question yet, and I have solved it after getting a hint of what to do from the FAQ thread here, I will iterate what I did for future reference to those who will come down this path after me.

The steps that were outlined by previous posters in this thread above, apparently are for Windows XP users. They apparently overlooked the Windows Vista OS users. Like I said, I am using a Windows Vista OS with Internet Explorer 8 and those instructions above don't apply here.
Here is what I wound up doing:

In my ReadyNAS DUO and my ReadyNAS NV+
1) First off I assigned static ip addresses (at my router config) to my ReadyNAS units so tha the never change (you should do same).
2) login to Frontview and go to the Services-->Standard File Protocols screen, scroll down to the HTTPS section and enter your ReadyNAS units local ip address (e.g. - 192.168.2.10 or whatever it may be) into the "SSL key host" field and hit the Generate new key button to generate the new SSL key.
3) Wait about 10 seconds and click refresh at the top of the screen and it should come back saying that it finished generating new SSL key.
4) Next open a fresh https Internet Explorer browser (7 or 8 ) session to your ReadyNAS ip address (e.g. https://192.168.2.10/admin ) or just use RAIDar util and go to "setup" to open up the session.
5) At this point IE will fail to connect and give the usual could not trust the certificate or whatever error messages it says. Just click the option it presents to continue anyway and allow it.
6) The ReadyNAS Frontview login screen will present and you just login with your admin and password credentials as normal.
7) Now go into IE Tools-->Internet Options-->Security-->Trusted Sites and add your ReadyNAS ip address as a Trusted Site. It has to be entered in the format of https://192.168.2.10 (using my example ip address here). Once you've added your ReadyNAS ip address as a trusted site, you will later be able to add the ReadyNAS generated certificate. Save and close and exit the IE tools dialog boxes now.
8 ) At the top right side of IE url address bar will be a red Certificate Error notice. Left click on it and it will open up a box where you can click to view the certificate.
9) There should be a choice available now to install this certificate. Click on it and perform the steps to install the certificate as a "Trusted Root Certification Authorities" category. Do not accept the default method it presents, you have to manually click the box and open the browser bar for a list of items. Select the "Trusted Root Certification Authorities" and add it. Complete the install and exit.
10) After this, logout and close your current browser session. If all went well from now on, next time you open the ReadyNAS Frontview login page, you should no longer get the certificate error screen nor messages anymore.

The main thing that made it work for me was to make sure that the Trusted Sites "https://<name or ip address>" you entered in tools options, matches the SSL certificate name or ipaddress_name that generated in ReadyNAS FrontView. I pulled my hair out a bit until I made these two names identical to each other... else it still won't work.

Hope this helped someone. (I am not sure I have listed all my steps in right order, but that is the jist of it).

Infobits wrote:
... Hope this helped someone. (I am not sure I have listed all my steps in right order, but that is the jist of it).

Beautifully done, Infobits! I'm a new NV+ user as of about 5 hours ago - you've just saved me a LOT of time and annoyance as I continue to configure this box for my Vista/XP/IE8 network.

next bug to squish...alert email! :)

Thank You!

Thank you sooooooo much for posting this information. It answered an ongoing issue of mine since I migrated to the new SBS 2008 server.

My NAS is at 192.168.0.10 in my home network. My ISP IP address is a.b.c.d. I have setup my router to port forward accordingly. When at home, I prefer to access the NAS locally using https://192.168.0.10, but my extended family will access the NAS remotely using https://a.b.c.d. Using the instructions above for trusted sites and certificate generation/import, I can eliminate the "invalid certificate" problem for either local access via 192.168.0.10 or remote access via a.b.c.d, but not BOTH at the same time.

I have tried adding both 192.168.0.10 and a.b.c.d simultaneously to trusted sites and import the current certificate accordingly. Experimentally, if I use 192.168.0.10 as the NAS SSL key host, then I will see no invalid certificate error when contacting the NAS via 192.168.0.10, but I will see certificate error when contating the NAS via a.b.c.d. If I use a.b.c.d as the NAS SSL key host, then I will see no invalid certificate error when contacting the NAS via a.b.c.d, but I will see certificate error when contating the NAS via 192.168.0.10. If I use a random name as the NAS SSL key host, I will see certificate error when contacting the NAS via 192.168.0.10 or a.b.c.d.

Am I doing something wrong or is there a way to overcome this ?

mld wrote:
I can eliminate the "invalid certificate" problem for either local access via 192.168.0.10 or remote access via a.b.c.d, but not BOTH at the same time.

Correct. I do not believe that you can have to valid certificates at the same time.

I think the only way to cure this problem is to use a FQDN and then generate the certificate. There are many dynamic DNS services that you allow you to create a FQDN such as mld.dyndns.com to get your external users connected to your external IP (a.b.c.d). However, internally you may face problems with routing or name resolution. You can cure this by creating an entry in you hosts file that points mld.dyndns.com to 192.168.0.10.

In Windows, edit the C:\Windows\System32\drivers\etc\hosts file and add your dynamic DNS name:

192.168.0.10   mld.dyndns.com

Do this for each of the machines on your internal LAN. Of course, mld.dyndns.com is just an example --- feel free to register whatever name works for you and with whatever DynDNS service is supported by your router. Change the entries accordingly in the hosts file.

-Dave