Microsoft KB Archive/222931

= Err Msg: The Security Certificate for This Site Has Either Expired or Does Not Match the Server Name =

Article ID: 222931

Article Last Modified on 8/23/2007

-

APPLIES TO


 * Microsoft Windows CE 3.0 for the Handheld PC Professional Edition
 * Microsoft Windows CE 2.0 for the Handheld PC
 * Internet Explorer Mobile

-



This article was previously published under Q222931



IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs.



SYMPTOMS
When you visit a secure Web site with Pocket Internet Explorer 2.0, you may receive the following error message:

The security certificate for this site has either expired or does not match the server name. Would you like to continue viewing pages at this site?

If you click Yes, you receive the following error message:

Unable to establish secure connection.



CAUSE
This behavior occurs when you switch quickly between secure Web sites that use different security protocols. For example, this behavior can occur if you switch from a site using SSL2 security to a site using PCT security, or if you switch from a site using SSL3 to SSL2 security.

It takes approximately 100 seconds for Pocket Internet Explorer to flush its security protocols from the cache. Pocket Internet Explorer is not flushing its security protocols from the cache before moving from the first site to the second site with the different security protocol.

If you wait approximately 100 seconds for Pocket Internet Explorer to flush its security protocols from the cache and then switch to another secure Web site, the error message does not occur.



RESOLUTION
This issue has been resolved in Service Pack 1 for Microsoft Windows CE 2.0. To obtain Service Pack 1, please contact your Original Equipment Manufacturer (OEM).

The following Microsoft Web site has links to most OEMs for Microsoft Windows CE-based devices:

http://www.microsoft.com/windowsmobile/mobilelife/default.mspx

To Work Around the Problem
WARNING: Using a registry editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of a registry editor can be solved. Use a registry editor program at your own risk.

This issue can also be resolved by adding a key in the registry. To edit the registry on a Windows CE-based mobile device, you need to obtain a third-party registry editor.

After obtaining a registry editor, add the following new registry value on the mobile device:

Key: HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\

Value: ServerCacheTime=dword:0

Keywords: kberrmsg kbprb KB222931

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.