Disable the ability to Bypass Certificate Error (Self Signed, Expired, Etc..) RRS feed

  • Question

  • Looking for the ability to block websites with invalid certificates. There is a GPO setting that by default is enabled to not allow the ability to bypass a certificate error for revoked certificates. However, this does not work with Expired Certs, Server Name mismatches, etc...

    Wondering if there is a setting that we can set (via Registry, File, or GPO) to add this additional behavior?

    Thursday, January 26, 2017 8:58 PM

All replies

  • Hi,

    You can specify a custom security zone setting for the Internet zone via GPO. By default web sites that don't map to another IE security zone are placed in the Internet zone's security context.

    Test by Tools>Internet Options>Security tab, Internet zone.... slide the Security level slider from medium-high to high.

    To determine which IE security zone a host is mapped to select the File>Properties menu from IE.



    Thursday, January 26, 2017 10:09 PM