Microsoft KB Archive/322261

= You cannot log on to your mailbox by using Outlook Web Access with Secure Sockets Layer (SSL) from a Macintosh computer =

Article ID: 322261

Article Last Modified on 2/13/2007

-

APPLIES TO


 * Microsoft Exchange Server 2000 Service Pack 3

-



This article was previously published under Q322261





SYMPTOMS
When all the following conditions are true
 * you use Outlook Web Access (OWA)

-and-
 * you have Secure Sockets Layer (SSL) turned on

-and-
 * you try to gain access to a computer running Exchange 2000 Server

you may receive the following error message:

The identity certificate uses an unknown signature algorithm.



CAUSE
This behavior may occur if both of the following conditions are true:
 * You use Microsoft Internet Explorer 4.5 for the Macintosh on an Apple Macintosh computer.

-and-
 * The certificate is issued by Microsoft Certificate Server.



RESOLUTION
To resolve this behavior, install Microsoft Internet Explorer 5 Macintosh Edition. To download this program, visit the following Microsoft Web site:

http://www.microsoft.com/mac/download/



WORKAROUND
To work around this behavior, verify the following:
 * The bit length of the certificate
 * The certificate bit length that the client supports
 * The type of certificate that you are using

If you have Internet Explorer 4.5 for the Macintosh installed, you may have to adjust these settings.

When you use the Certificate Wizard in Microsoft Internet Information Services (IIS), the default certificate uses Secure Hash Algorithm (SHA) encryption with either a 512-bit or a 1024-bit key. However, the Macintosh computer will reject any certificate that uses these default SHA values.

However, you can create a Server Gated Cryptography certificate for export. This uses the Message Digest 5 (MD5) Rivest, Shamir, & Adleman (RSA) signature algorithm. Internet Explorer 4.5 for the Macintosh only supports this method for signing certificates.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.



MORE INFORMATION
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

319574 HOW TO: Use Certificates with Virtual Servers in Exchange 2000 Server

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Keywords: kbnofix kbbug KB322261

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.