Issue
When attempting to trust a self signed certificate, the option to permanently trust the certificate is not enabled.
When viewing the certificate, you see the message "Bad server certificate" in the field "Issued by"
Refer to WebHelp Article 10326 for further information about certificate types
Product Line
EcoStruxure Building Operation
Environment
Certificates
Cause
There can be various reasons why a certificate can not be trusted, and many or these are described in SSL Certificates - Security Certificate Risk warning logging in to WorkStation or WebStation using H....
In this specific case where you see the message "Bad server certificate", the cause is that the certificate is not deemed trustworthy.
First of all, you need to check what the reason behind the certificate being flagged as bad is. This is easiest done by examining the "CRL Distribution Points" property of the certificate, to determine which service is checking or affecting the certificate.
In this example, we can see that it is ZScaler (a proxy server provider) is listed, so the reason why the certificate is deemed as bad, is most likely because the certificate is self signed, and that is not accepted by the company policy.
If disabling the usage of a proxy server on the PC you are working on allows you to trust the certificate, you can confirm that it is an issue with the proxy server not allowing the self signed certificate.
For more information about how e.g. ZScaler handles certificates, refer to the How does ZScaler protect SSL traffic article.
Resolution
Either reconfigure the proxy to allow the self signed certificate, or (the better option) get a proper CA signed certificate.
For more information about preparing and importing a CA signed certificate, refer to Preparing and importing a signed CA certificate.
