Use the following table to help you troubleshoot some of the more common browser-related problems that you may encounter while working with Digital Certificate Manager (DCM).
Problem | Possible Solution |
---|---|
Microsoft® Internet Explorer does not let you select a different certificate until you start a new browser session. | Begin a new browser session for Internet Explorer. |
Internet Explorer does not show all selectable client/user certificates in a browser's selection list. Internet Explorer only shows certificates, issued by the trusted CA, that you can use at the secure site. | A CA must be trusted in the key database as well as by the secure application. Be sure that you signed on to the PC for the Internet Explorer browser with the same user name as the one that put the user certificate in the browser. Get another user certificate from the system that you are accessing. The system administrator must be sure that the certificate store (key database) still trusts the CA that signed the user and system certificates. |
Internet Explorer 5 receives the CA certificate, but cannot open the file or find the disk to which you saved the certificate. | This is a new browser feature for certificates that are not yet trusted by the Internet Explorer browser. You can choose the location on your PC. |
You received a browser warning that the system name and system certificate do not match. | Some browsers do different things for uppercase and lowercase matching on system names. Type the URL with the same case as the system certificate shows. Or, create the system certificate with the case that matches what most users use. Unless you know what you are doing, it is best to leave the server name or system name as it was. You must also check that your domain name server is set up correctly. |
You started Internet Explorer with HTTPS instead of HTTP, and you received a warning of a secure and nonsecure mix of sessions. | Choose to accept and ignore the warning; a future release of Internet Explorer fixes this problem. |
Netscape Communicator 4.04 for Windows® converted hexadecimal values A1 and B1 to B2 and 9A in the Polish code page. | This is a browser bug that affects NLS. Use a different browser or even use the same version of this browser on a different platform, such as Netscape Communicator 4.04 for AIX®. |
In a user profile, Netscape Communicator for 4.04 showed uppercase user certificate NLS characters correctly, but showed lowercase characters incorrectly. | Some national language characters that were entered correctly as one character but are not the same character when displayed later. For example, on the Windows version of Netscape Communicator 4.04, the hexadecimal values A1 and B1 were converted to B2 and 9A for the Polish code page, resulting in different NLS characters being displayed. |
The browser continues to tell the user that the CA is not yet trusted. | Use DCM to set the CA status to enabled to mark the CA as trusted. |
Internet Explorer requests reject the connection for HTTPS. | This is a problem with the browser function or its configuration. The browser chose not to connect to a site that is using a system certificate that might be self-signed or may not be valid for some other reason. |
Netscape Communicator browser and server products employ root certificates from companies, including, but not limited to, VeriSign, as an enabling feature of SSL communications — specifically, authentication. All root certificates expire periodically. Some Netscape browser and server root certificates expired between December 25, 1999 and December 31, 1999. If you did not fix this problem on or before December 14, 1999, you will receive an error message. | Earlier versions of the browser (Netscape Communicator 4.05 or earlier) have certificates that expire. You need to upgrade the browser to the current Netscape Communicator version. Information on browser root certificates is available on many sites including http://home.netscape.com/security/ and http://www.verisign.com/server/cus/rootcert/webmaster.html. Free browser downloads are available from http://www.netcenter.com. |