You are currently offline, waiting for your internet to reconnect

Windows NT Service Pack 4 and Client Certificates

This article was previously published under Q194788
This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
When you use Internet Explorer and attempt to connect to a Web server thatrequires Client Certificates, the browser may not display applicableClient Certificates. However, the Client Certificates are visible in theAuthorities area of Internet Explorer Options.

If you use Internet Information Server (IIS) 4.0 with Secure Sockets Layer(SSL) and you have installed a root certifying authority certificate(other than those issued by well-known third parties, such as VeriSign,Thawte Consulting, or Microsoft), you may need to reinstall the affectedroot certifying authority certificates after you install SP4. You need todo this if you are using Microsoft Certificate Server 1.0, which shippedwith the Windows NT Option Pack.
Internet Information Server 4.0 has Windows NT Service Pack 4installed, which includes an updated Capi32.dll.

This behavior is by design.
The Iisca.exe program that resolved this issue prior to this service packis no longer functional after you install Service Pack 4.

The following changes must made to the Internet Information Servercomputer, not the browser computer.

To reinstall the root certifying authority certificate:
  1. Open Internet Explorer 4.0.
  2. Browse to the root certifying authority certificate that you want to add. For example, for Microsoft Certificate Server, go to http://server/certsrv/CertEnroll/cacerts.htm and click the root certifying authority certificate you want.
  3. Select "Save this file to disk."
  4. Close the browser.
  5. Right-click on the downloaded certificate and choose Install.
  6. After the Certificate Manager Import wizard has started, click Next.
  7. Choose to place all certificates into the following store.
  8. Click Browse, and then click "Show physical stores."
  9. Expand Trusted Root Certification Authorities, select Local Computer, and then click OK.
  10. Click Next, and then click Finish.
  11. Reboot your Web server computer.
NOTE: If you choose Open in step 3 instead of "Save this file to disk,"the process may not resolve the issue.

Article ID: 194788 - Last Review: 01/10/2015 11:37:07 - Revision: 4.0

  • kbnosurvey kbarchive kbpending kbprb KB194788