이 콘텐츠는 선택한 언어로 제공되지 않습니다.

5.3. Configuring Internet Explorer to Enroll Certificates


Warning

The following procedure is no longer supported and only kept for reference. This functionality has been deprecated from Internet Explorer 11, and Microsoft has ended support for IE 10.
Because of the security settings in Microsoft Windows, requesting and enrolling certificates through the end entities pages using Internet Explorer requires additional browser configuration. The browser has to be configured to trust the CA before it can access the CA's end-entities pages.

5.3.1. About Key Limits and Internet Explorer

Microsoft uses certain cryptographic providers which support only a subset of potential key sizes for RSA and for ECC keys. These are listed in Table 5.1, “Providers and Key Sizes”.
The key size support can impact the configuration of profiles that will be used with Internet Explorer. Configuring profiles is covered in Chapter 3, Making Rules for Issuing Certificates (Certificate Profiles).
Expand
Table 5.1. Providers and Key Sizes
Algorithm Provider Supported Key Sizes
ECC Microsoft Software Key Storage Provider
  • nistp256
  • nistp384
  • nistp521
ECC Microsoft Smart Card Key Storage Provider
  • nistp256
  • nistp384
  • nistp521
RSA Microsoft Base Cryptographic Provider
  • 1024
RSA Microsoft Strong Cryptographic Provider
  • 1024
  • 2048
  • 3072
  • 4096
  • 8192
RSA Enhanced Cryptographic Provider
  • 1024
  • 2048
  • 3072
  • 4096
  • 8192
RSA Microsoft Software Key Storage Provider
  • 1024
  • 2048
  • 3072
  • 4096
  • 8192

5.3.2. Configuring Internet Explorer

  1. Open Internet Explorer.
  2. Open Tools Internet Options Advanced Security, and unselect TLS 1.2.
  3. Import the CA certificate chain.
    1. Open the unsecured end services page for the CA, for example:
      http://server.example.com:8080/ca/ee/ca
      Copy to Clipboard Toggle word wrap
    2. Click the Retrieval tab.
    3. Click Import CA Certificate Chain in the left menu, and then select Download the CA certificate chain in binary form.
    4. When prompted, save the CA certificate chain file.
    5. In the Internet Explorer menu, click Tools, and select Internet Options.
    6. Open the Content tab, and click the Certificates button.
    7. Click the Import button. In the import window, browse for and select the imported certificate chain.
      The import process prompts for which certificate store to use for the CA certificate chain. Select Automatically select the certificate store based on the type of certificate.
    8. Once the certificate chain is imported, open the Trusted Root Certificate Authorities tab to verify that the certificate chain was successfully imported.
  4. Configure Internet Explorer to prompt to allow unsafe ActiveX controls to be used for scripting. If this is not allowed and an end entity attempts to enroll a certificate in the standard (non-SSL) end-entites pages, Internet Explorer will block these pages.
    1. In the Internet Explorer menu, click Tools and select Internet Options.
    2. Open the Security tab and click Custom Level.
    3. In the ActiveX Controls and Plugins area, change the value of the Initialize and script ActiveX controls not marked as safe setting to Prompt.
  5. After the certificate chain is imported, Internet Explorer can access the secure end services pages. Open the secure site, for example:
    https://server.example.com:8443/ca/ee/ca
    Copy to Clipboard Toggle word wrap
  6. There is probably a security exception when opening the end services pages. Add the CA services site to Internet Explorer's Trusted Sites list.
    1. In the Internet Explorer menu, click Tools, and select Internet Options.
    2. Open the Security tab and click Sites to add the CA site to the trusted list.
    3. Set the Security level for this zone slider for the CA services page to Medium-High; if this security setting is too restrictive in the future, then try resetting it to Medium.
  7. Open the Tools Compatibility View and Compatibility View Settings, and enable the Compatibility View setting by adding the specific site to the list.
  8. Close the browser.
To verify that Internet Explorer can be used for enrollments, try enrolling a user certificate as described in Section 5.4.1, “Requesting and Receiving a Certificate through the End-Entities Page”.
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat