Information
When a user experiences Secure Socket Layer/Transport Layer Security (SSL/TLS)
certificate errors such as 'expired,' 'revoked,' or 'name mismatch,' Internet Explorer
blocks the user's ability to continue browsing the Web site. The recommended state for this
setting is- Enabled.
*Rationale*
Users who ignore certificate errors are more likely to visit unauthorized sites or sites that
host malicious content.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Enabled.
Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Prevent ignoring certificate errors
Impact-
If you enable this policy setting, the user is not permitted to continue browsing the Web
site. If you disable this policy setting or do not configure it, the user may elect to ignore
certificate errors and continue browsing the Web site.
Default Value-Disabled