Want to suppress self made proxy certificates in IE

[USMC2Hard4U]

We are doing some SSL interception for certain website on our BlueCoat proxy servers, and have created some certificates that we have placed on each of our test workstations.

for example, we have identified https://www.google.com as a test. The configuration changes on BlueCoat were successful and now we see this on IE.

We get this error because IE sees the BlueCoat certificate and not the expected certificate provided by google.

What Windows or IE setting can I change to suppress this error completely? So this is transparent to the user? We do not want to suppress all certificate errors... just the ones from the specific websites we are doing SSL interception for.

Thanks for any advice or assistance!!

 

[deep-cover]

Use a certificate signed by a trusted authority or import the signers certificate into the machines certificate store you are using.

 

[USMC2Hard4U]

We don't want to/can't used a cert signed by a TA. And we did import the cert, but it appears not to be working or still giving us this error.

 

[gimp]

Does your environment have a domain root cert authority?
how was the cert generated? self-signed by the appliance?

 

[USMC2Hard4U]

Does your environment have a domain root cert authority?
how was the cert generated? self-signed by the appliance?

We do not have a root cert authority and the cert was self signed by the proxy appliance.

 

[B00nie]

If there would be an easy and simple way to fake certificates it would be a hackers dream. Most likely you're going to have to make an exception client by client.

 

[gimp]

Looks like you may need to spin up a domain CA and issue the cert with that.
Then install the domain CA root cert on all the machines.

But... which store did you install the self signed cert to? And user account, service account, or computer account?