Microsoft and SHA2 256 Certs

This has got to be one of the stupidest things that I have run into for a while, and out of all people, the Department of Homeland Security were the ones that helped us out! First it seemed as though it was a Citrix issue, then as we dug deeper we knew that it was the cert causing issues.

Symptoms

On a Windows 2003 server (replicated as well on a 2008 R2 server) or an XP client, you get an error page from IE saying “Internet Explorer cannot display the webpage”, even though you know your internet connection is up and the server is up as well. To double-check that the server is actually up, check the site on your phone or another computer.

I also tried accessing this site from a CAIN Live CD and received a message from Epiphany Web Browser saying “Unable to load page.  Problem occurred while loading the URL https://somesite.com  SSL handshake failed: A TLS packet with unexpected length was received.”

The FIX (for XP and 2003)

This is almost impossible to find, but MS has a patch to fix this issue. You have to ask nicely for it though. Just go to http://support.microsoft.com/kb/968730 and read all about it. Now why is something like this not included in Windows Update?
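To confirm that the certificate is what the affected machines are choking on, one approach (an added example, not from the original post) is to read the signature algorithm out of the certificate's DER encoding and flag SHA-2 family signatures, the condition this post ties to the XP/2003 failure. The function names and the two sample byte strings are constructed for illustration.

```python
# Added example: names and sample bytes are illustrative, not from the post.
SHA2_SIG_OIDS = {  # signature algorithm OIDs from the SHA-2 family
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted notation."""
    subs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the end of a sub-identifier
            subs.append(value)
            value = 0
    if not subs:
        raise ValueError("empty OID")
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)       # skip over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[oid_start:oid_end])

def is_sha2_signed(der):
    return signature_oid(der) in SHA2_SIG_OIDS

# Constructed skeletons (empty tbsCertificate and signature), not real certificates.
SAMPLE_SHA256 = bytes.fromhex("30143000300d06092a864886f70d01010b0500030100")
SAMPLE_SHA1 = bytes.fromhex("30143000300d06092a864886f70d0101050500030100")
```

For a live server, run this from a machine that can complete the handshake and pass in `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`. That returns only the server's own certificate, so check any intermediate certificates separately.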


All Work on this site is not to be reproduced without written permission from Nick Schroedl.