Microsoft KB Archive/875450

= SSL does not work you try to connect to Web sites that use Server Gated Cryptography certificates that are issued by Thawte =

Article ID: 875450

Article Last Modified on 10/18/2007

-

APPLIES TO

 Microsoft Internet Explorer 5.01, when used with:  Microsoft Windows NT 4.0

 Microsoft Windows 98 Second Edition

 Microsoft Windows 98 Standard Edition  Microsoft Internet Explorer 5.0, when used with:  Microsoft Windows NT 4.0</li></ul>

 Microsoft Windows 98 Second Edition</li></ul>

 Microsoft Windows 98 Standard Edition</li></ul> </li> Microsoft Windows 2000 Server</li> Microsoft Windows 2000 Advanced Server</li> Microsoft Windows 2000 Professional Edition</li> Microsoft Windows NT Workstation 4.0 Developer Edition</li> Microsoft Windows NT Server 4.0 Standard Edition</li> Microsoft Windows NT Server 4.0 Enterprise Edition</li> Microsoft Windows NT Server 4.0, Terminal Server Edition</li> Microsoft Windows 98 Second Edition</li></ul>

-

<div class="notice_section">

<div class="symptoms_section">

SYMPTOMS
When you try to connect to a Web site that uses a Server Gated Cryptography (SGC) certificate that is issued by Thawte for strong encryption, you may receive the following error message:

The page cannot be displayed.

<div class="cause_section">

CAUSE
Server Gated Cryptography (SGC) is a mechanism that permitted Web browsing software to use strong (128-bit) SSL encryption. Typically, SGC is included with products that were released before the lifting of export controls on strong encryption. The United States government imposed constraints on software vendors. Because of these constraints, vendors could enable SGC capabilities only for certification authorities (CAs) who agreed to issue certificates that use SGC only to authorized organizations. For example, vendors could enable SGC capabilities for CAs who agreed to issue certificates only to financial institutions.

Microsoft issued a cross certificate to Thawte to enable Thawte's SGC capability. This cross certificate expired on July 16, 2004. Therefore, sites that are configured with Thawte SGC certificates cannot enable older clients that have standard (40 or 56 bit) encryption to use strong SSL encryption. Clients that have the High Encryption Pack already installed are not affected.

Microsoft and other vendors stopped shipping products that have standard encryption shortly after the U.S. lifted its export restrictions in early 2000. By default, these products support strong encryption and do not depend on sites to be configured with SGC certificates for strong SSL encryption.

<div class="resolution_section">

Windows 2000
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

Windows NT 4.0
To resolve this problem, obtain the Microsoft Windows NT 4.0 Security Rollup Package. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

Microsoft Windows NT Server version 4.0, Terminal Server Edition
To resolve this problem, obtain the Microsoft Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

317636 Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package

Windows 98
To resolve this problem, obtain the latest version of Microsoft Internet Explorer. To do this, visit the following Microsoft Web site:

http://www.microsoft.com/windows/ie/default.mspx

Alternatively, you may install the High Encryption Pack for older versions of Internet Explorer. To do this, visit the following Microsoft Web site:

http://www.microsoft.com/windows/ie/ie6/downloads/recommended/128bit/default.mspx

However, we strongly recommend that you install the latest version of Internet Explorer because it contains features and services that help protect your Web browsing experience.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Additional query words: Win98 WinNT TS Win2k Win2000

Keywords: kbdownload kbsecurity kbprb kbcertservices kbdigitalcertificates KB875450

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.