Microsoft KB Archive/266695

= Windows CE 3.0 cannot connect to security-enhanced Web pages =

Article ID: 266695

Article Last Modified on 2/13/2005

-

APPLIES TO


 * Microsoft Windows CE 3.0 for the Handheld PC Professional Edition
 * Microsoft Windows Pocket PC with Windows CE 3.0

-



This article was previously published under Q266695



SYMPTOMS
When you use Microsoft Pocket Internet Explorer to connect to a security-enhanced Web site in Microsoft Windows CE 3.0, you may receive one of the following error messages:

The page you are looking for cannot be found.

-or-

Unable to establish secure connection.

After you receive one of these error messages, the Internet Explorer logo continues to spin indefinitely. Note that this issue can occur with both the 40-bit and 128-bit versions of Pocket Internet Explorer.



CAUSE
This issue can occur because the VeriSign Certificate Authority (CA) has changed the hashing algorithm that is used for new Secure Sockets Layer (SSL) server certificates from MD-5 to SHA1. Pocket Internet Explorer is unable to connect by using SSL to any server that is using the SHA1 certificates. Because certificates expire constantly, there is a steady flow of new replacement certificates that use SHA1.



Pocket PC Users
To resolve this issue, update to the Microsoft High Encryption Pack for Pocket PC. This add-on supports MD% certificates with the new hashing algorithm. For information about how to update to the Microsoft High Encryption Pack for Pocket PC, view the following Microsoft Web site:

http://www.microsoft.com/windowsmobile/downloads/highencryption.mspx

Handheld PC Professional Users
To resolve this issue, view the following Microsoft Web site to obtain a fix for this issue:

http://www.microsoft.com/windowsmobile/downloads/128bit.mspx



MORE INFORMATION
You can use a computer that is running Internet Explorer 4.1 or later to determine the encryption algorithm that is being used by a specific Web page:
 * 1) View a Web site that uses SSL, for example, https://www.microsoft.com.
 * 2) After you establish a secure connection to the Web site, a yellow padlock icon should be displayed in the lower-right corner of the Internet Explorer window.
 * 3) On the File menu, click Properties, click Certificates, and then click Details. View the &quot;Signature algorithm.&quot; It is either sha1RSA or md5RSA.

For additional information about this problem as it exists in Windows CE versions 2.11 and 2.12, click the following article numbers to view the articles in the Microsoft Knowledge Base:

274999 Windows CE 2.11 Cannot Connect to Security-Enhanced Web Pages

294389 Windows CE 2.12 Cannot Connect to Security-Enhanced Web Pages

Keywords: kberrmsg kbprb KB266695

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.