I have a tricky issue, I'm trying to install a certificate to sign a VBA file. I've purchased a third party certificate and followed the instructions here to install it and sign my VBA file with it. However, I'm getting the following error when I try to use my certificate:

No usable signing certificates

(I believe) This is because, even though I've been able to install my new certificate through MMC in both my user account and local computer under the "Personal" folder, I haven't yet been able to install my certificate through IE.

When I attempt to install my new certificate (SPC file) in IE, I'm able to select it in the Import Wizard, and specify all settings correctly, however when I finish the wizard:

And I receive the "Success" message, the certificates are not imported, in fact I see no change in the "Personal" screen. This is in stark contrast to the behavior that I see in MMC, where I repeat the same steps and after completing the wizard, the two certificates in my SPC are installed without issue.

I've tried restarting, importing the certificates basically everywhere in MMC, but I cannot get these certificates to install in IE and consequentially I cannot sign my VBA files.

Update 1

I've got my certificate to show up under "Other People" now, can't remove it or move it though, and I still get the same error in VBA when trying to sign my file with it, does my cert need to be in the "Personal" folder, or can one sign a VBA file with a cert in the "Other People" folder?

I wonder what criteria excel uses to determine if a particular cert is one that can be used to sign a file. So far I have not found any documentation on this. I have found a old post on conflicting versions. That could be the issue I suppose, but I'm not sure what aspect or version excel is looking for...

Update 2

I was issued a SPC file, (hypothesis) I believe I need to sign the file with the following instructions before I can use it. That, is considerably harder than it first seems. Seems my files "private key" is marked as non-exportable:

Export-PfxCertificate : Cannot export non-exportable private key.

I wonder why my third party cert authority provided me with a cert formatted in this manner. Seems I'm not the only one confused my this cert business either. Lots of discussion on the internet about this sort of thing, just not allot of particularity useful instructions on how to do it. I really hope I don't have to proceed down this path.

I have a few Windows 2012 servers that I've been tasked with setting up for my developers.

We interact with the servers using RDP.

One of the servers is behaving *very* strangely. If I start internet explorer by:

1. Start
2. Click on IE icon under the start listing

When I do this IE starts but it takes over the *ENTIRE* desktop and has a non-standard appearance -- the address bar is at the bottom and there doesn't seem to be a way to get back to the desktop short of starting the task manager and killing the IE process.

When this happens it looks like the following:

However, I've found that if I start IE by

1. Start
2. Search for Internet
3. Click on the return result

Then IE starts as expected in a window on the desktop in a standard format.

I'm assuming this is some obscure (horrible, IMO) interface that somehow got activated. How do I fix this to behave normally, as a standard desktop window?

We have a Windows 2008 R2 server, in the same box we have a stand alone CA (Certificate Authority) and IIS running an ASP application that requires client certificate for access the web app. It is working correctly, but we have starting having problems requesting the user certificates from Windows 10 running IE 11 from certsrv website. We request the certificate using 2048 key size and issue the certificate from the CA console in the server, then from the Windows 10 computer the certificate installs correctly and show that have the private key installed correctly but when we access the web app we got the following errors (1st one for classic ASP and the second from ASPX pages):

403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

HTTP Error 403.7 - Forbidden The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.

We have tried installing the CA certificate from MMC Certificates in the personal and computer stores and problem persists. Also, we tried enabling the web site compatibility in IE and adding to trusted sites.

But we do not have problems with Windows XP computers running IE 6, we request the certificate from certsrv website and the process is easy and works

So far looks like IE 11 is having some problem with the certsrv website. We do not use Firefox or Chrome because the web app was designed to work only with IE.

Any help will be appreciated

Thank you

Limber Jaimes

Is it possible to disable HTTP Strict Transport Security in IE 11?

Example of why one would want to do this: A particular user group has filtered internet access through a proxy where only whitelisted domains and URLs are allowed. You want to allow access to http://www.xyzzy.com/hi/there but because the website uses HTTP Strict Transport Security users are being redirected to https://www.xyzzy.com/hi/there. In this situation, you'd be forced to allow access to all of https://www.xyzzy.com.

We have implemented the Enterprise Mode Site List and have a few sites in there working as expected at various emulation mode levels.

For one particular internal site, we used IE's Developer Tools (F12) to determine which emulation mode makes the site work. We walked back through all of the modes under Browser Profile = Desktop, but none worked. Then we switched to Browser Profile = Enterprise, and started trying those. The answer was:

Browser Profile = Enterprise
Document mode = Edge

Now we need to configure this site in the Enterprise Mode Site List Manager tool, but it is unclear which setting to choose. That's one part of the question.

Once we configure it, we'd like to go to a user's machine, open the site, and then somehow verify that it is indeed using the expected emulation mode.

If I hit F12 for Development Tools, it's really not clear whether it is telling me the emulation level currently being used on the page that is open, or if it's just showing whatever setting was there last.

What is the correct way to determine which emulation mode is actually being used by a page? If I knew that, I wouldn't have to ask the first question because I could check for myself. :)

Oh, and I was hoping to avoid turning on the logging feature that Enterprise Mode has. It would probably tell me what I need to know, but I'm trying to keep it simple and not add any overhead.