Details
When a user encounters Secure Sockets Layer/Transport Layer Security (SSL/TLS)
certificate errors such as ‘expired,’ ‘revoked,’ or ‘name mismatch,’ this setting makes
Internet Explorer block the user from continuing to browse the Web site. The recommended
state for this setting is: Enabled.
Rationale
Users who ignore certificate errors are more likely to visit unauthorized sites or sites that
host malicious content.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled:
Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors
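To confirm on an endpoint that the Group Policy setting above actually applied, the following added example (not part of the original control text) reads the policy state from the registry and reports whether it meets the recommendation. It assumes the Computer Configuration policy is stored as the DWORD PreventIgnoreCertErrors under the HKLM policy key shown in the code; that location is not stated on this page, and the function name is hypothetical.

```powershell
# Added example: audits the "Prevent ignoring certificate errors" policy state.
# Assumption (not stated on the page): the Computer Configuration policy is
# stored as DWORD PreventIgnoreCertErrors under the HKLM policy key below.
function Get-CertErrorPolicyState {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
        [string]$ValueName = 'PreventIgnoreCertErrors'
    )

    # A missing key or missing value both mean the policy was never set.
    $state = 'Not configured'
    $raw   = $null

    if (Test-Path -LiteralPath $KeyPath) {
        $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $raw   = $item.$ValueName
            $state = switch ($raw) {
                1       { 'Enabled' }
                0       { 'Disabled' }
                default { 'Unexpected value' }
            }
        }
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Setting   = 'Prevent ignoring certificate errors'
        State     = $state
        RawValue  = $raw
        # Only an explicit Enabled meets the recommendation; Disabled and
        # Not configured both let the user continue past certificate errors.
        Compliant = ($state -eq 'Enabled')
    }
}

Get-CertErrorPolicyState | Format-List
```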
Impact
If you enable this policy setting, the user is not permitted to continue browsing the Web
site. If you disable this policy setting or do not configure it, the user may elect to ignore
certificate errors and continue browsing the Web site.
Default Value: Disabled
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.