Issue: Self-Signed Certificate in Certificate Chain
Solution:
There a few reasons you may be seeing this error, the two most common ones are:
- You are behind a “transparent proxy”, which means someone (such as your IT department) is intercepting HTTPS traffic, decrypting it, and then encrypting it using a self-signed certificate
- You are running software, such as anti-virus software, which is injecting a self-signed SSL certificates into the HTTPS messages you receive
When Storage Explorer encounters one of these "self-signed certificates", it can no longer know if the HTTPS message it is receiving has been tampered with. If you have a copy of the self-signed certificate though, then you can tell Storage Explorer to trust it. If you are unsure of who is injecting the certificate, then you can try to find it yourself by doing the following:
- Install Open SSL
- Windows (any of the light versions should suffice) https://slproweb.com/products/Win32OpenSSL.html
- Mac and Linux: Should be included with your operating system
- Run Open SSL
- Windows: Go to the install directory, then /bin/, then double click on openssl.exe
- Mac and Linux: execute "openssl" from a terminal
- Execute
s_client -showcerts -connect microsoft.com:443 - Look for self-signed certificates. If you're unsure which are self-signed, then look for any where the subject ("s:") and issuer ("i:") are the same.
- Once you have found any self-signed certificates, then for each one, copy and paste everything from and including
-----BEGIN CERTIFICATE-----to-----END CERTIFICATE-----to a new .cer file. - Open Storage Explorer and then go to Edit -> SSL Certificates -> Import Certificates. Using the file picker, find, select, and open the .cer files you created.