Windows CE 3.0 cannot connect to security-enhanced Web pages (266695)


The information in this article applies to:

  • Microsoft Windows CE 3.0 Professional Edition for the Handheld PC
  • Microsoft Windows Pocket PC with Windows CE 3.0
This article was previously published under Q266695

SYMPTOMS

When you use Microsoft Pocket Internet Explorer to connect to a security-enhanced Web site in Microsoft Windows CE 3.0, you may receive one of the following error messages:
The page you are looking for cannot be found.

-or-

Unable to establish secure connection.
After you receive one of these error messages, the Internet Explorer logo continues to spin indefinitely. Note that this issue can occur with both the 40-bit and 128-bit versions of Pocket Internet Explorer.

CAUSE

This issue can occur because the VeriSign Certificate Authority (CA) has changed the hashing algorithm that is used for new Secure Sockets Layer (SSL) server certificates from MD-5 to SHA1. Pocket Internet Explorer is unable to connect by using SSL to any server that is using the SHA1 certificates. Because certificates expire constantly, there is a steady flow of new replacement certificates that use SHA1.

RESOLUTION

Pocket PC Users

To resolve this issue, update to the Microsoft High Encryption Pack for Pocket PC. This add-on supports MD% certificates with the new hashing algorithm. For information about how to update to the Microsoft High Encryption Pack for Pocket PC, view the following Microsoft Web site:

http://www.microsoft.com/windowsmobile/downloads/highencryption.mspx

Handheld PC Professional Users

To resolve this issue, view the following Microsoft Web site to obtain a fix for this issue:

http://www.microsoft.com/windowsmobile/downloads/128bit.mspx

MORE INFORMATION

You can use a computer that is running Internet Explorer 4.1 or later to determine the encryption algorithm that is being used by a specific Web page:
  1. View a Web site that uses SSL, for example, https://www.microsoft.com.
  2. After you establish a secure connection to the Web site, a yellow padlock icon should be displayed in the lower-right corner of the Internet Explorer window.
  3. On the File menu, click Properties, click Certificates, and then click Details. View the "Signature algorithm." It is either sha1RSA or md5RSA.
For additional information about this problem as it exists in Windows CE versions 2.11 and 2.12, click the following article numbers to view the articles in the Microsoft Knowledge Base:

274999 Windows CE 2.11 Cannot Connect to Security-Enhanced Web Pages

294389 Windows CE 2.12 Cannot Connect to Security-Enhanced Web Pages

Modification Type:MajorLast Reviewed:2/13/2005
Keywords:kberrmsg kbprb KB266695
©2004 Microsoft Corporation. All rights reserved.