Err Msg: The Security Certificate for This Site Has Either Expired or Does Not Match the Server Name

ID: Q222931

The information in this article applies to:

Microsoft Pocket Internet Explorer, version 2.0
Microsoft Windows CE versions 2.0, 3.0 Professional Edition for the Handheld PC

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs.

SYMPTOMS

When you visit a secure Web site with Pocket Internet Explorer 2.0, you may receive the following error message:

The security certificate for this site has either expired or does not match the server name. Would you like to continue viewing pages at this site?

If you click Yes, you receive the following error message:

Unable to establish secure connection.

CAUSE

This behavior occurs when you switch quickly between secure Web sites that use different security protocols. For example, this behavior can occur if you switch from a site using SSL2 security to a site using PCT security, or if you switch from a site using SSL3 to SSL2 security.

It takes approximately 100 seconds for Pocket Internet Explorer to flush its security protocols from the cache. Pocket Internet Explorer is not flushing its security protocols from the cache before moving from the first site to the second site with the different security protocol.

If you wait approximately 100 seconds for Pocket Internet Explorer to flush its security protocols from the cache and then switch to another secure Web site, the error message does not occur.

RESOLUTION

This issue has been resolved in Service Pack 1 for Microsoft Windows CE 2.0. To obtain Service Pack 1, please contact your Original Equipment Manufacturer (OEM).

The following Microsoft Web site has links to most OEMs for Microsoft Windows CE-based devices:

http://www.microsoft.com/WindowsCE/Products/download/updates.asp

To Work Around the Problem

WARNING: Using a registry editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of a registry editor can be solved. Use a registry editor program at your own risk.
This issue can also be resolved by adding a key in the registry. To edit the registry on a Windows CE-based mobile device, you need to obtain a third-party registry editor.

After obtaining a registry editor, add the following new registry value on the mobile device:

Key: HKEY_LOCAL_MACHINE\Comm\SecurityProviders\SCHANNEL\

Value: ServerCacheTime=dword:0

Additional query words:


Keywords          : kberrmsg wince handheld pocketie 
Version           : WINDOWS:2.0,3.0 Professional Edition
Platform          : WINDOWS 
Issue type        : kbprb

Last Reviewed: June 16, 1999