You Can Use Web Enrollment for a Client Authentication Certificate That Is Too Large for Schannel.dll to Support (278475)


The information in this article applies to:

  • Microsoft Windows NT Server 4.0 Terminal Server Edition
  • Microsoft Windows 2000 Professional
  • Microsoft Windows Millennium Edition
  • Microsoft Windows 98
  • Microsoft Windows NT Workstation 4.0
This article was previously published under Q278475

SUMMARY

When you connect to a Windows 2000 Certification Server and use the Web-enrollment process to request a Client Authentication certificate, the certificate is generated and installed. The client then attempts to connect to a secure site (https://) and you receive the following error message:
The page cannot be displayed.

MORE INFORMATION

The certificate that the client installs has an RSA key that is too large for Schannel.dll to use. The limitation with the certificate RSA key is due to Schannel.dll. Schannel.dll can only handle certain key sizes, depending on the operating system of the client. There is no mechanism for a Certification Authority to police Web enrollment key size requests. The client must request a valid key size during the enrollment process.

Below is a list of operating system types and the corresponding supported RSA key sizes:

ClientRSA key size
Windows 95
Windows 98
Windows 98 Second Edition
Windows Millennium Edition		2048 bits or smaller
Windows NT 4.02048 bits or smaller
Windows 20004096 bits or smaller
Modification Type:MinorLast Reviewed:1/26/2006
Keywords:kbinfo kbweb KB278475
©2004 Microsoft Corporation. All rights reserved.