We recently had a problem where a customer wasn’t able to access JIRA via SSL from IE7 on Windows Vista (and IE 5.5 on WinNT although we never got to test that). Firefox worked fine. IE7 from Windows XP worked fine.
The customer was using a self-signed certificate which is perfectly fine, since the browser should simply prompt you to accept the certificate. However IE7 on Vista only reported:
Internet Explorer cannot display the webpage Most likely causes: You are not connected to the Internet. The website is encountering problems. There might be a typing error in the address.
As it turns out, IE7 on Vista does not like the SHA1 certifcate signature alogrithm (the default used by Java’s keytool utility). If you specify RSA everything works fine.
So in order for your self-signed certificates to work in IE7 on Vista, use the following command when generating the certificate:
%keytool -genkey -alias tomcat -keyalg RSA
Please see our docs for the full procedure of allowing SSL access to Tomcat.
Relatively unrelated: It seems that IE7 on Vista also doesn’t like the certificate on support.atlassian.com:
Now, correct me if I’m wrong, but 26/06/2007 falls into the 27/09/2005 – 27/09/2007 range yes?! The certificate works fine on IE7 with Windows XP. Almost a case for WTF?!