Microsoft KB Archive/290388

= HOW TO: Determine if a VeriSign SGC Is Being Used on a Web Site =

Article ID: 290388

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Services 6.0
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q290388



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



IN THIS TASK
SUMMARY
 * Identify an SGC Certificate



SUMMARY
When you connect to a Web site through Secure Sockets Layer (SSL), you are probably accessing the site and using some type of a certificate on the site. The most common types of certificates are:
 * 40-bit
 * 128-bit
 * Server Gated Cryptography (SGC)

This step-by-step article describes how to identify a VeriSign SGC certificate. This is important information when troubleshooting SSL issues, because you may not know whether or not a SGC certificate is installed.

SGC stands for &quot;Server Gated Cryptography.&quot; You will also see the term &quot;Global ID.&quot; These terms are synonymous with VeriSign. This type of certificate permits 40-bit browsers to make 128-bit connections. This type of certificate was used because of export laws before these laws were lifted for most countries.

back to the top

Identify an SGC Certificate
To identify an SGC certificate when you connect to a site by using HTTPS, either connect with a 40-bit browser and point to the padlock to see &quot;128 bit&quot;, or follow these steps:

NOTE: You can only use this method with Microsoft Internet Explorer 5.0 and later.  Connect to the site through HTTPS, and then double-click the padlock in the lower right of your browser to view the certificate. Click the Details tab, click All, and then select Enhanced Key Usage. In the bottom pane, you see the following:  

Unknown Key Usage(2.16.840.1.113730.4.1)Unknown Key Usage(1.3.6.1.4.1.311.10.3.3)



If you do not see Enhanced Key Usage, you are not using an SGC certificate.

Note that your browser, whether it is 40-bit, 56-bit, or 128-bit, will establish a 128-bit cipher strength connection if the server has an SGC certificate.

back to the top

Additional query words: SSL SGC Server Gated Cryptography Global ID Secure Sockets Layer VeriSign

Keywords: kbhowto kbhowtomaster KB290388

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.