Internet Explorer Displays a Blank Personal Certificate List (216782)


The information in this article applies to:

  • Microsoft Internet Explorer 5.0 for Windows NT 4.0
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 1
  • Microsoft Internet Explorer 4.01 for Windows NT 4.0 SP 2
  • Microsoft Internet Explorer 4.0 for Windows NT 4.0
  • Microsoft Internet Explorer 5.0 for Windows 98
  • Microsoft Internet Explorer 4.01 for Windows 98 SP 2
  • Microsoft Internet Explorer 5.0 for Windows 95
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 1
  • Microsoft Internet Explorer 4.01 for Windows 95 SP 2
  • Microsoft Internet Explorer 4.0 for Windows 95
This article was previously published under Q216782

SYMPTOMS

When you connect to a Web server that requires a personal certificate to initiate a secure connection, you may see a blank Client Authentication dialog box.

If you click OK, you may receive the following error message:
Internet Explorer cannot open the internet site https://Web address.
An error occurred in the secure channel support.

CAUSE

This issue occurs because Secure Socket Layer 3 (SSL3) connections require the server to send a list of Certificate Authorities (CAs) that are recognized as part of the session initiation process. The Personal Certificate dialog box is blank if none of the your personal certificates match one of the CAs on the Web server.

RESOLUTION

To work around this issue, use either of the following methods:
  • Install a personal certificate recognized by the Web server.
  • Install a CA on the Web server for the personal certificate you want to use.NOTE: You may need to contact the site's Webmaster to determine which CAs are recognized by the server.

MORE INFORMATION

A "Trusted Root Certification Authority" is recognized, or "trusted" by the Web server. The quickest way to find a "trusted" CA is to visit an SSL site, which have a Web address that begin with "https://". When you get there, double-click the paddle-lock in the lower-right corner. The certificate on the top of the "Certification Path" is a Root CA that is trusted by the Web server. You can contact this CA to obtain a personal Web browser certificate.

By installing a CA on the Web server, you are actually installing the Root Certificate of the CA that issued the personal certificate which you wish to use.

This resolution might not work if Windows NT 4.0 Service Pack 4 has been installed. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

194788 Windows NT Service Pack 4 and Client Certificates

Modification Type:MajorLast Reviewed:12/5/2003
Keywords:kbenv kberrmsg kbprb KB216782
©2003 Microsoft Corporation. All rights reserved.