Microsoft KB Archive/216782

= Internet Explorer Displays a Blank Personal Certificate List =

Article ID: 216782

Article Last Modified on 1/24/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 Service Pack 1
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 4.0 128-Bit Edition
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 5.0
 * Microsoft Internet Explorer 4.01 Service Pack 1
 * Microsoft Internet Explorer 4.01 Service Pack 2
 * Microsoft Internet Explorer 4.0 128-Bit Edition

-



This article was previously published under Q216782



SYMPTOMS
When you connect to a Web server that requires a personal certificate to initiate a secure connection, you may see a blank Client Authentication dialog box.

If you click OK, you may receive the following error message:

Internet Explorer cannot open the internet site https://.

An error occurred in the secure channel support.



CAUSE
This issue occurs because Secure Socket Layer 3 (SSL3) connections require the server to send a list of Certificate Authorities (CAs) that are recognized as part of the session initiation process. The Personal Certificate dialog box is blank if none of the your personal certificates match one of the CAs on the Web server.



RESOLUTION
To work around this issue, use either of the following methods:
 * Install a personal certificate recognized by the Web server.
 * Install a CA on the Web server for the personal certificate you want to use.NOTE: You may need to contact the site's Webmaster to determine which CAs are recognized by the server.



MORE INFORMATION
A "Trusted Root Certification Authority" is recognized, or "trusted" by the Web server. The quickest way to find a "trusted" CA is to visit an SSL site, which have a Web address that begin with "https://". When you get there, double-click the paddle-lock in the lower-right corner. The certificate on the top of the "Certification Path" is a Root CA that is trusted by the Web server. You can contact this CA to obtain a personal Web browser certificate.

By installing a CA on the Web server, you are actually installing the Root Certificate of the CA that issued the personal certificate which you wish to use.

This resolution might not work if Windows NT 4.0 Service Pack 4 has been installed. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

194788 Windows NT Service Pack 4 and Client Certificates

Keywords: kberrmsg kbenv kbprb KB216782

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.