Installing VeriSign Certificates with Internet Explorer 8 (IE8)

Posted on Feb 25, 2014 in General  | No comments

I recently had an infuriating experience with VeriSign that I wouldn’t wish on my worst enemy, so I thought I’d try to save someone a bunch of time and frustration by putting the fix on the ‘net.

When submitting a product for Windows Logo certification one is required to digitally sign and submit a file (winqual.exe) to the winqual.microsoft.com web site.  In order to sign the file you first need a VeriSign organisation certificate that, presumably, is designed to verify you are from the company you purport to be from.  Fair enough.

The VeriSign process is relatively straight forward:

  1. Go to their web site and purchase the certificate
  2. They send you an email with a URL and a PIN
  3. You go to the web site and “Install Certificate” direct from the web page

It’s in step 3 where it all went horribly wrong for me.  Stupidly, I am not using IE7.  After several lengthy discussions with VeriSign “chat consultants” I was told in no uncertain terms that IE7 was the only supported browser and that to get my certificate I had to “find a machine with IE7 on it”.  Then I could simply export the certificate and move it later.

I had used IE8 on Windows 7 x64 to make the order, and it turns out that even if you do find a IE7 machine it still won’t work because it has to be the same machine you placed the order on.  I confirmed, that Firefox, Chrome and Safari also will not work.

Diagnosis

Faced with basically no way forward I decided to fix the problem for them.  I had noticed that my IE8 was throwing script errors so I pulled up the source and noticed that VeriSign are using VBScript to write an object tag, which loads a COM dll of their making, which in turn records the public key in Windows’ certificate store.

My first attempt was to take the VBScript code and make a “vbs” file out of it but that really seemed like it was a bit harder than it should have to be.

The Fix

On my second attempt I simply marked the VeriSign web site as “Trusted” and the “Install Certificate” button on the page worked like a charm.

VeriSign FAIL!

So, OK this port could have been shorter, but now you know. Make VerSign’s web site trusted before (or during) the process to get the certificate installed. Don’t bother asking VeriSign for help.  They can’t.

Making a web site trusted in IE8

Tools –> Internet Options –> Security tab –> Trusted sites –> Sites button –> Type https://*.verisign.com and click Add

Now you know.