Netscape Users Cannot Access Web Pages with 128-Bit Certificate Authentication (260266)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional

This article was previously published under Q260266

SYMPTOMS

You may not be able to gain access to Web pages after upgrading a 40-bit Secure Sockets Layer (SSL) certificate to a 128-bit SSL certificate (VeriSign). When you attempt to connect with a Netscape 40-bit browser, the following error message is displayed and no connection is made:
The security library has experienced an error. You will probably be unable to connect to this site securely.

CAUSE

The 128-bit VeriSign certificate is a Server Gated Cryptography (SGC) certificate. With an SGC certificate, secure connections between Netscape clients and Microsoft Internet Information Services (IIS) servers do not work, because the handshake does not succeed when the SGC renegotiation is performed.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


Instructions for Installation

After you apply the hotfix and restart your computer, run the following command to provide 128-bit high encryption non-export support:

%systemroot%\system32\export\encinst

When you run this command, the command prompt returns with no message displayed. After you restart your computer, the hotfixes for Crypt32.dll and Schannel.dll are installed.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.

MORE INFORMATION

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

The best way to determine if a certificate is an SGC certificate is to view the certificate by using the Certificates tool. In the Details pane, if the Enhanced Key Usages line contains one or both of the following entries, the certificate is SGC-enabled:

Unknown Key Usage(2.16.840.1.113730.4.1)
Unknown Key Usage(1.3.6.1.4.1.311.10.3.3)


Modification Type: Major
Last Reviewed: 3/21/2006
Keywords: kbbug kbfix kbQFE kbWin2000SP1Fix KB260266