000025223 - SSL certificate not accepted by Microsoft Internet Explorer

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025223
Applies ToKeon Certificate Authority 6.5.1
Microsoft Internet Explorer 6.0 SP2
Microsoft Internet Information Server (IIS) 5.1
Netscape Navigator 7.x
IssueSSL certificate not accepted by Microsoft Internet Explorer
Attribute 'Enhanced Key Usage' from SSL certificate displays value 'Code Signing (1.3.6.1.5.5.7.3.3)'
Error: "The page cannot be displayed" in Microsoft Internet Explorer
SSL web page is displayed using Netscape Navigator
CauseMicrosoft Internet Explorer seems more restrictive for SSL certificate for web sites. If a certificate has the attribute 'Enhanced Key Usage' set to 'Code signing (1.3.6.1.5.5.7.3.3)', Internet Explorer will reject the certificate, without any prompt, and will not display the web page. Netscape is less restrictive and will display the secured web page.
ResolutionTo correct this issue, re-issue the certificate by changing the Extended Key Usage values. Log in Keon CA and click the certificate request. Before clicking on 'Issue certificate', be sure to have the Certificate Extensions 'Enhanced Key Usage' Selected. Then click on 'Issue Certificate'. Depending if this extension is mandatory or not, the page to modify the values may be displayed next, or in the following screens if you continue clicking next.

Set the 'extKeyUsage' (Number of object identifiers to be included in the extension) value to '2'

Set the 'extKeyUsage' (Extention OIDs) values to '1.3.6.1.5.5.7.3.1' and '1.3.6.1.5.5.7.3.2'. (TLS Web server authentication and TLS web client authentication)
Legacy Article IDa28099

Attachments

    Outcomes