XCCC: Cannot Log On to Outlook Web Access with Secure Sockets Layer from Macintosh Computer (322261)
The information in this article applies to:
- Microsoft Exchange 2000 Server SP3
This article was previously published under Q322261 SYMPTOMS When all the following conditions are true
- you use Outlook Web Access (OWA)
-and- - you have Secure Sockets Layer (SSL) turned on
-and- - you try to gain access to a computer running Exchange 2000
Server
you may receive the following error message:
The identity certificate uses an unknown signature
algorithm. CAUSE This behavior may occur if both of the following conditions
are true:
- You use Microsoft Internet Explorer 4.5 for the Macintosh
on an Apple Macintosh computer.
-and- - The certificate is issued by Microsoft Certificate
Server.
RESOLUTION To resolve this behavior, install Microsoft Internet
Explorer 5 Macintosh Edition. To download this program, visit the following
Microsoft Web site: WORKAROUND To work around this behavior, verify the following:
- The bit length of the certificate
- The certificate bit length that the client
supports
- The type of certificate that you are using
If you have Internet Explorer 4.5 for the Macintosh installed,
you may have to adjust these settings. When you use the Certificate
Wizard in Microsoft Internet Information Services (IIS), the default
certificate uses Secure Hash Algorithm (SHA) encryption with either a 512-bit
or a 1024-bit key. However, the Macintosh computer will reject any certificate
that uses these default SHA values. However, you can create a Server
Gated Cryptography certificate for export. This uses the Message Digest 5 (MD5)
Rivest, Shamir, & Adleman (RSA) signature algorithm. Internet Explorer 4.5
for the Macintosh only supports this method for signing certificates.
STATUSMicrosoft has confirmed that
this is a problem in Microsoft Exchange 2000 Server.
| Modification Type: | Major | Last Reviewed: | 10/21/2003 |
|---|
| Keywords: | kbnofix kbbug KB322261 |
|---|
|