I guess the right way to say it is the browser seeks to verify the cert with a trusted certification authority. If the issuer isn't listed in the browser's list of trusted authorities, you get the error message. As I understand it, there are apparently legitimate commercial CAs that for whatever reason don't make the club of the trusted. Here is the IE7 error message text: [image: Shield icon] There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. *We recommend that you close this webpage and do not continue to this website. * [image: Recommended icon]Click here to close this webpage. <javascript:closePage()> [image: Not recommended icon]Continue to this website (not recommended).<http://afs.msu.edu/> Someone correct me if I've got this wrong. /rich On 10/19/06, Tom Rockwell <[log in to unmask]> wrote: > > Hi, > > re: SSL certificates > > Is the behavior with self-signed certs only or is it also with certs > signed by CAs that the browser doesn't have the signature for? > > Thanks, > Tom > > Richard Wiggins wrote: > > Heads-up for those supporting Windows computers: > > > > Today I was reminded that on November 1, Windows Update will begin > > offering users the option of installing Internet Explorer 7. It will > > be offered to local users who are logged in as Administrator starting > > that day. Users can say Yes, No, or Later. > > > > I've been running IE 7 for months now, and while its HTML rendering is > > much better than day 1, it is quite a bit different than the look and > > feel of earlier IE versions. This could cause user confusion. > > Lately I've had it crash on me frequently, though earlier it was > > stable. (Could be a change un my usage.) > > > > The warning for use of a self-signed certificate is much sterner. The > > message says: > > > > We recommend you close this webpage and do not continue to this > > website. > > > > We will be sure that help desks are briefed and we'll have knowledge > > base articles on this up in a day or two. > > > > For managed desktops in a domain there is a way for sysadmins to > > suppress the offer of updating: > > > > More information is at: > > > > > http://www.microsoft.com/technet/updatemanagement/windowsupdate/ie7announcement.mspx > > > > > > Here are pertinent passages: > > > > Automatic Updates Delivery Process > > > > The automatic delivery process will notify users that an update is > > available and allow users to choose whether to install Internet > > Explorer 7. The process is described below ... > > > > Automatic Updates will only offer Internet Explorer 7 to users with > > local administrator accounts. Automatic Updates will notify all such > > users (including those with Automatic Updates configured to > > automatically download and install updates) when Internet Explorer 7 > > has been downloaded and is ready to install. The notification and > > installation process will not start unless and until a user who is a > > local administrator logs on to the machine. Users who are not local > > administrators will not be prompted to install the update and will > > thus continue using Internet Explorer 6. > > > > After clicking on the Automatic Updates notification balloon, users > > will see a welcome screen summarizing key features of Internet > > Explorer 7 and presenting three options - Install, Don't Install, and > > Ask Me Later. > > • > > > > If a user selects "Install": The installation process will commence > > and require Windows Genuine Advantage validation and a re-boot to > > complete. Installation of Internet Explorer 7 will not override a > > user's default browser choice and will transfer the user's previous > > homepage, favorites, search settings and compatible toolbars. When the > > user launches Internet Explorer 7, a first-run experience will be > > offered highlighting new features and changes. > > • > > > > If a user selects "Don't Install": The notification process will not > > re-prompt the user to install at a later time; however, any user who > > is a local administrator will be able to install Internet Explorer 7 > > at any time as an optional update from the Windows Update and > > Microsoft Update sites or from the Microsoft Download Center. > > • > > > > If a user selects "Ask Me Later": The install process will not proceed > > and Automatic Updates will start notifying the user that an update is > > available using the same process (notification balloon and welcome > > screen) within approximately 24 hours. > > > > Internet Explorer 7 will replace Internet Explorer 6 on a user's > > machine. However, users may roll back to Internet Explorer 6 by > > uninstalling Internet Explorer 7 via the Windows Control Panel > > Add/Remove Programs utility. > > > > /rich > >