DOCUMENT:Q290388 22-JUL-2002 [iis] TITLE :HOW TO: Determine if a VeriSign SGC Is Being Used on a Web Site PRODUCT :Internet Information Server PROD/VER::4.0,5.0 OPER/SYS: KEYWORDS:kbHOWTOmaster ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server version 4.0 - Microsoft Internet Information Services version 5.0 ------------------------------------------------------------------------------- IN THIS TASK ------------ - SUMMARY - Identify an SGC Certificate SUMMARY ======= When you connect to a Web site through Secure Sockets Layer (SSL), you are probably accessing the site and using some type of a certificate on the site. The most common types of certificates are: - 40-bit - 128-bit - Server Gated Cryptography (SGC) This step-by-step article describes how to identify a VeriSign SGC certificate. This is important information when troubleshooting SSL issues, because you may not know whether or not a SGC certificate is installed. SGC stands for "Server Gated Cryptography." You will also see the term "Global ID." These terms are synonymous with VeriSign. This type of certificate permits 40-bit browsers to make 128-bit connections. This type of certificate was used because of export laws before these laws were lifted for most countries. Identify an SGC Certificate --------------------------- To identify an SGC certificate when you connect to a site by using HTTPS, either connect with a 40-bit browser and point to the padlock to see "128 bit", or follow these steps: NOTE: You can only use this method with Microsoft Internet Explorer 5.0 and later. 1. Connect to the site through HTTPS, and then double-click the padlock in the lower right of your browser to view the certificate. 2. Click the Details tab, click All, and then select Enhanced Key Usage. In the bottom pane, you see the following: - Unknown Key Usage(2.16.840.1.113730.4.1) - Unknown Key Usage(1.3.6.1.4.1.311.10.3.3) If you do not see Enhanced Key Usage, you are not using an SGC certificate. Note that your browser, whether it is 40-bit, 56-bit, or 128-bit, will establish a 128-bit cipher strength connection if the server has an SGC certificate. Additional query words: SSL SGC Server Gated Cryptography Global ID Secure Sockets Layer VeriSign ====================================================================== Keywords : kbHOWTOmaster Technology : kbiisSearch kbiis500 kbiis400 Version : :4.0,5.0 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.