Microsoft KB Archive/278475

= You Can Use Web Enrollment for a Client Authentication Certificate That Is Too Large for Schannel.dll to Support =

Article ID: 278475

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q278475





SUMMARY
When you connect to a Windows 2000 Certification Server and use the Web-enrollment process to request a Client Authentication certificate, the certificate is generated and installed. The client then attempts to connect to a secure site (https://) and you receive the following error message:

The page cannot be displayed.



MORE INFORMATION
The certificate that the client installs has an RSA key that is too large for Schannel.dll to use. The limitation with the certificate RSA key is due to Schannel.dll. Schannel.dll can only handle certain key sizes, depending on the operating system of the client. There is no mechanism for a Certification Authority to police Web enrollment key size requests. The client must request a valid key size during the enrollment process.

Below is a list of operating system types and the corresponding supported RSA key sizes:

Keywords: kbinfo kbweb KB278475

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.