question

DaveKwas avatar image
0 Votes"
DaveKwas asked DaveKwas commented

'Not Secure' warning on New Edge for site with trusted certificate chain

Hi, I've got a web based system which I'm supporting which is EOL, uses Silverlight and as such IE. The system which is being implemented to replaced this older Silverlight based one won't be available until around August time and with the retirement date of IE11 landing before then I've started to do some testing with the new Edge and IE11 Enterprise mode. Enterprise mode is working fine but we are getting 'Not Secure' warnings on the webpage with a description 'The site has a valid certificate issued by a trusted authority. However some parts of the site are not secure'.

The certificate is issued from our own PKI so I'm happy that is as it should be so I'm thinking there is something being detected within the webapp / Silverlight where it maybe be submitting something unsecure. As the all is only available internally on our network and has been used in IE11 for years, the security folk are happy to accept the risk and we are fairly sure this is just because the newer browser if checking something which IE11 didn't.

So my question would be, is there any way with Edge to disable this warning globally or for specific sites so these additional checks are not carried out?

Cheers

windows-10-generalms-edge
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

YuZhou-MSFT avatar image
0 Votes"
YuZhou-MSFT answered DaveKwas commented

Hi anonymous userKwas

I think you're experiencing the same thing described in the last two comments in this link. If there's any http-served content in your https page, it will show "Not Secure" in Edge IE mode. Actually, in this situation, it will also show not secure in IE by hiding the lock icon from the address bar.

The default reference links to the Silverlight support pages are http. I suggest that you change the http references to https and make sure there's no http content in your pages.

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Regards,
Yu Zhou

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaveKwas avatar image DaveKwas ·

Thanks, I'll see if its something the app support team are willing to do. As we don't have support for said app anymore I'd expect they wouldn't be keen to change anything on the source. I've taken a quick look and can confirm your correct that they do have references to support links under HTTP so I'd advise that's the reason and we can accept the risk of editing it or the risk of end users complaining.

Many Thanks
Dave

0 Votes 0 ·
LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered DaveKwas commented

Hi there,

You can hide the Not secure message by editing the group policy but it is not recommended to do so. Instead, try to look deeper into the issue and resolve it.

You can hide the error message by editing this GPO OverrideSecurityRestrictionsOnInsecureOrigin. Microsoft Edge - Policies https://docs.microsoft.com/lt-lt/DeployEdge/microsoft-edge-policies#overridesecurityrestrictionsoninsecureorigin

To resolve this issue, an organization that hosts the secure Web site can purchase a certificate for each Web server from a third-party provider. Or, the organization can install a Microsoft Enterprise certification authority in the Active Directory forest. Then, the organization can use this certification authority to generate a certificate for each Web server.

https://support.microsoft.com/en-us/topic/-there-is-a-problem-with-this-website-s-security-certificate-when-you-try-to-visit-a-secured-website-in-internet-explorer-0b8931a3-429d-d0e2-b38f-66b8a15fe898


--If the reply is helpful, please Upvote and Accept it as an answer–

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaveKwas avatar image DaveKwas ·

Hi, Thanks for that. I too would prefer not to hide them all with group policy so I think we might just need to accept this one for now as to me it would be too risky using that GPO setting.

The site already uses certificates from our own Enterprise CA so I know the cert side is good, website behaves exactly as you'd expect in IE11 but as they won't be around forever we needed something to bridge the gap - just seems Edge is going a better job at its risk assessment that IE11.

Many Thanks
Dave

0 Votes 0 ·