Share via


Determining the Intermediate Root CA Version on a Web Server

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

The VeriSign Global Server ID Intermediate Root certification authority (128-bit SSL) expired on January 7, 2004. Servers running IIS that have not been updated with the new Global Server ID Intermediate Root certification authority may encounter problems when clients try to establish SSL sessions by using the Secure Hypertext Transfer Protocol after January 7, 2004.

Note

Servers that use VeriSign 40-bit Secure Server ID certificates are not affected by this expiration.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

To determine the Intermediate Root CA version on a Web server

  1. From the Start menu, click Run, type mmc, and then click OK.

  2. On the File menu, click Add/Remove Snap-in.

  3. On the Add/Remove Snap-in dialog box, click Add, select Certificates from the snap-in list, and then click Add.

  4. Choose the Computer account option and then click Next.

  5. Select Local Computer (the computer this console is running on), and then click OK.

  6. Click Close, and then click OK.

  7. In the console window, expand Certificates, and then expand Intermediate Certificate Authorities.

  8. Click the Certificates folder.

  9. In the Issued To column, locate the certificate with "www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD. ©97 Verisign" as the certificate name.

  10. Right-click the certificate, and then click Open.

    If the certificate has expired, the following message is displayed on the General tab:

    "This certificate has expired or is not yet valid."

    If the certificate is current, the following message is displayed on the General tab:

    "This certificate is intended for the following purposes:"

    and lists the purposes for which the certificate is to be used.

  11. Note the Valid from date to date range, and then click OK.

  12. If you need to update the Intermediate Root CA on your Web server, follow the instructions on the Verisign Web site.