Reset Search
 

 

Article

KB12130 - Authenticating with a client certificate can result in 'The page cannot be displayed' error message

« Go Back

Information

 
Last Modified Date8/1/2015 2:05 PM
Synopsis
This article describes the issue of 'The page cannot be displayed' error message being generated, when users try to authenticate with a client certificate using the Certificate Authentication server.

 
Problem or Goal
Environment:
 
  • Using Internet Explorer (IE) and/or Firefox (FF) browser.
 
  • When users try to authenticate with a client certificate using the PCS Certificate Authentication server, they get 'The page cannot be displayed' error message.
 
  • The logs may show the Reason field as blank. For example - 'SSL negotiation failed while client at source IP xx.xx.xx.xx was trying to connect to xx.xx.xx.xx. Reason:'.
Cause
This issue may occur when one of the following conditions are true:
 
  • The certificate is expired.
 
  • The private key is missing in the certificate.
Solution
The issue is an expected behavior of the browser as the certificate is considered invalid and the connection is dropped.  To confirm and resolve this issue, perform the following procedure:

For Internet Explorer users:
  1. Open Internet Explorer.
 
  • From the tool bar, click Tools > Internet Options > Content tab > Certificates.
 
  • Under the Personal tab, there should be a list of installed certificate(s). If the certificates exist, refer to Step 4. If no certificates are listed, this confirms that no certificates are installed on the device and they have to be re-installed.
 
  • From the list, double click the corresponding certificate.
 
  • From the General tab, confirm if the following statement exists - You have a private key that corresponds with this certificate. If the statement exists, refer to Step 6. If this statement is missing, the certificate was installed or exported incorrectly from the original machine. The certificate will have to be re-installed or exported with the private key (exported file should have the file extension of .P12 or .PFX). The image below has the statement highlighted.
     

 
  • From the Personal tab, select the corresponding certificate and click Export.
 
  • An Export wizard will be displayed; click Next.
 
  • From the Export Private Key window, confirm if the Yes, export the private key option is available. If this option is not available, this could be due to the permissions to the RSA folder or the Mark this key as exportable option was not selected during import.  It is suggested to re-install the certificate or export the certificate with the private key from the original computer, if possible.

For Firefox users:
  1. Open Mozilla Firefox.
 
  • From the toolbar, click Tools > Options > Advanced > Encryption tab > View Certificates.
 
  • Under the Your Certificates tab, a list of certificate should be displayed.  If no certificates exist, this confirms that no certificates are installed on the machine and they will need to be re-installed. If the certificates do exist and you are experiencing this issue, try exporting the certificate and importing to Internet Explorer to confirm if it works.  If the issue persists, open a case with PTAC for further review.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255