none
Add Https internal site to Trusted Zone RRS feed

  • Question

  • I'm trying to add an internal https FQDN to the trusted zone in group policy.

    My question is does it matter if I add https://myserver.mydomain.com/server or will it still work if i leave off the last part and just put in the fqdn https://myserver.mydomain.com

    thanks in advance

    PS it has to be https even though it's internal

    Tuesday, May 23, 2017 4:43 PM

Answers

  • Hi,

    use wildcard notation https://*.mydomain.com or *.mydomain.com (you should configure your intranet server to only accept https (Site settings in IIS).

    Before adding an Intranet site to your IE Trusted Sites list.......

    Which IE security zone does in now map to?

    Why do you want to place it in the Trusted sites list?

    It should already be automatically mapped to the Intranet zone.

    Use the File>Properties menu in IE to find out which IE security zone the host of a web page is mapped to.

    https works (that is your data is encrypted) in any IE security zone. To enforce it on an intranet site you would configure your web server and FQDN to only accept https requests, and use the https:// protocol in any desktop or favorite links that you distribute.

    Regards.


    Rob^_^

    Tuesday, May 23, 2017 9:33 PM

All replies

  • Hi,

    use wildcard notation https://*.mydomain.com or *.mydomain.com (you should configure your intranet server to only accept https (Site settings in IIS).

    Before adding an Intranet site to your IE Trusted Sites list.......

    Which IE security zone does in now map to?

    Why do you want to place it in the Trusted sites list?

    It should already be automatically mapped to the Intranet zone.

    Use the File>Properties menu in IE to find out which IE security zone the host of a web page is mapped to.

    https works (that is your data is encrypted) in any IE security zone. To enforce it on an intranet site you would configure your web server and FQDN to only accept https requests, and use the https:// protocol in any desktop or favorite links that you distribute.

    Regards.


    Rob^_^

    Tuesday, May 23, 2017 9:33 PM
  • As IECustomizer says, Intranet is more trusted than Trusted.

    If the user connects to a site with the FQDN, it should come up as intranet already.  If they use a flatname (https://ACMESERVER1 for example) it can come up as an internet site.  The only way I've found around that is to set up the values separately in site to zone list. It's mostly for user known addresses like "intranet" or "teams".
    Tuesday, May 23, 2017 9:41 PM
  • Hi,

    We haven’t heard from you for a couple of days, have you solved the problem?  We are looking forward to your good news.

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 2, 2017 8:49 AM
    Moderator