HOW TO: Determine if a VeriSign SGC Is Being Used on a Web Site

When you connect to a Web site through Secure Sockets Layer (SSL), you are probably accessing the site and using some type of a certificate on the site. The most common types of certificates are:

• 40-bit
• 128-bit
• Server Gated Cryptography (SGC)

This step-by-step article describes how to identify a VeriSign SGC certificate. This is important information when troubleshooting SSL issues, because you may not know whether or not a SGC certificate is installed.

SGC stands for "Server Gated Cryptography." You will also see the term "Global ID." These terms are synonymous with VeriSign. This type of certificate permits 40-bit browsers to make 128-bit connections. This type of certificate was used because of export laws before these laws were lifted for most countries.

Identify an SGC Certificate

To identify an SGC certificate when you connect to a site by using HTTPS, either connect with a 40-bit browser and point to the padlock to see "128 bit", or follow these steps:

NOTE: You can only use this method with Microsoft Internet Explorer 5.0 and later.

1. Connect to the site through HTTPS, and then double-click the padlock in the lower right of your browser to view the certificate.
2. Click the Details tab, click All, and then select Enhanced Key Usage. In the bottom pane, you see the following:
   • Unknown Key Usage(2.16.840.1.113730.4.1)Unknown Key Usage(1.3.6.1.4.1.311.10.3.3)
   If you do not see Enhanced Key Usage, you are not using an SGC certificate.
   
   Note that your browser, whether it is 40-bit, 56-bit, or 128-bit, will establish a 128-bit cipher strength connection if the server has an SGC certificate.