Client certificate request fails when TLS 1.2 and 1.1 secure protocols are enabled in Internet Explorer 11


When a website requests a client certificate (such as for authentication), Internet Explorer 11 cannot send the certificate if the TLS 1.2 and TLS 1.1 secure protocols are enabled.


Update information

To resolve this problem, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update.

For technical information about the most recent cumulative security update for Internet Explorer, go to the following Microsoft website: This update was first included in security update 2976627.

For more information about security update 2976627, click the following article number to view the article in the Microsoft Knowledge Base:

2976627 MS14-051: Cumulative security update for Internet Explorer: August 12, 2014

More Information

This issue only occurs with servers that downgrade the TLS session in an ungraceful way (such as by sending a TCP reset when receiving a TLS protocol version that the server does not support). If a server downgrades the TLS session in a proper way that indicates the desired version in the respective server handshake, then any client-side certificate that may be required is sent to the server correctly.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


See the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.