Internet Explorer Was Unable to Import This Certificate

Article translations Article translations
Article ID: 182054 - View products that this article applies to.
This article was previously published under Q182054
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
Expand all | Collapse all

On This Page

SYMPTOMS

When you attempt to import a digital certificate into Internet Explorer from another browser, you may receive the following error message:
Internet Explorer was unable to import this certificate.

CAUSE

This error message can occur if you are attempting to import a 1024-bit key (high grade) or greater digital certificate, and you are not running the 128-bit version of Internet Explorer.

RESOLUTION

To resolve this behavior, upgrade to the 128-bit version of Internet Explorer. To obtain the 128-bit Internet Explorer Upgrade, please visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en

MORE INFORMATION

The 128-bit Internet Explorer Upgrade installs the Rivest-Shamir-Adleman (RSA) certificate provider. With the RSA certificate provider, you can import high grade digital certificates into Internet Explorer in PFX format.

You can import only 512-bit key (low grade) digital certificates into Internet Explorer.

Additional Information

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Note that this behavior can also occur if a previously exported 1024-bit key (high-grade) is improperly imported into a different system.

When this occurs, the 128-bit Cryptographic Service Provider (CSP) is not registered as the default provider. When you try to import the 1024-bit certificate onto a 1024-bit system, it does not work because it is trying to make a call to the default 512-bit base (exportable) provider, which does not accept strong cryptographic key sizes (>512 bit).

To correct this problem, change the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001

Name = "Microsoft Base Cryptographic Provider v1.0"

to

Name = "Microsoft Enhanced Cryptographic Provider v1.0"


This behavior can also occur if the user key for the certificate you are trying to import already exists in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Cryptography\UserKeys
To work around this behavior, delete the appropriate user key in the above registry key.

Properties

Article ID: 182054 - Last Review: March 29, 2007 - Revision: 3.3
APPLIES TO
  • Microsoft Internet Explorer 1.0
  • Microsoft Internet Explorer 2.0
  • Microsoft Internet Explorer 3.0
  • Microsoft Internet Explorer 3.01
  • Microsoft Internet Explorer 3.02
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 128-Bit Edition
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 3.2
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 2.0
  • Microsoft Internet Explorer 3.0
  • Microsoft Internet Explorer 3.01
  • Microsoft Internet Explorer 3.02
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 128-Bit Edition
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 128-Bit Edition
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
Keywords: 
kbenv kberrmsg kbprb KB182054
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com