S h o r t S t o r i e s

// Tales from software development

Internet Explorer “Unable to display webpage” after applying Windows Update KB2661254

with 6 comments

After applying this week’s Windows Updates several of my colleagues noticed that they could no longer access a KVM-over-IP box that we use to remotely control a Windows PC.

Installing the updates one by one on another PC showed that the culprit was the update for KB2661254. It sets a minimum requirement of 1024 bytes for certificates and our KVM uses a 512 byte certificate for SSL. We have no way of changing the certificate on the KVM and it’s unlikely that the vendor will be rushing out a firmware update anytime soon with a new 1024 byte certificate.

Microsoft’s knowledge base article for KB2661254 describes a workaround that can be enabled in the registry.

Although four settings are described, the only one that we needed was the one to change the minimum requirement for certificate length from 1024 bytes to 512 bytes. Unfortunately, the registry setting doesn’t exist and must be created but it’s easy enough to do this:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config

Name: MinRsaPubKeyBitLength


Value: 512 decimal / 200 hex


Written by Sea Monkey

October 11, 2012 at 7:00 pm

Posted in Environments

Tagged with

6 Responses

Subscribe to comments with RSS.

  1. Exactly what i was looking for a KVM Aten CS1708i



    November 20, 2012 at 10:59 am

  2. Thank you very much Sea!
    Resolve my problem with IE9



    February 28, 2013 at 2:02 pm

  3. I can’t believe there’s still no update for the cs1708i to resolve this problem. Dumbing down the security of IE is not an appropriate solution. The cs1708i’s firmware should be revised to utilize a more appropriate cert. I just had a client buy one of these and their browsers don’t work without modding. As you might imagine they are non to pleased with having to dumb down their security.


    April 9, 2013 at 8:35 pm

  4. Tks! I was doing it through certutil.. so easy this way!


    March 25, 2014 at 11:27 pm

  5. Hi thanks from me. This is still helpful in May 2014. I also had to add an additional reg key: EnableWeakSignatureFlags REG_DWORD 2 at the same path – all is now well. Thanks again.


    May 23, 2014 at 2:45 pm

  6. Amazing my friend. The registry change tip just made my day. Strggling since long on this.
    God Bless u my friend


    February 26, 2015 at 1:05 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: