With a more widespread deployment this year of Windows 8/Server 2012, we are running into more and more quirks that arise from a new operating system and their related applications.  This week we bring you the challenge of certificate errors and Internet Explorer 10.

Most of us in the I.T. community, or even power users, are accustomed to the quick flash of our browser warning us of a certificate mismatch, non-public signing, etc. when logging into devices like server interfaces, remote access management tools, browser-based consoles, etc.  A quick click of the “Click to continue to this website (not recommended)” button and we were good to go!

In many use cases however, this went out the window (a little pun intended) with the introduction of Internet Explorer 10.  Avast, you will discover that this option is no longer listed as available to you!

A bit of research turns to a security update in Internet Explorer.  Due to the raw computing capabilities of even a mainstream PC today, a 512-bit public key is no longer considered very secure.  IE 10 therefore is looking for 1024-bit public keys, which many of those devices and consoles we are using cannot offer.

The Microsoft recommended solution is to upgrade the hardware/software/appliance into which you are connecting.  Not.very.practical.Steven!

Instead, let’s revert IE to back to allowing those 512-bit keys.  Run the following command from an elevated command prompt:

certutil -setreg chain\minRSAPubKeyBitLength 512

If you need/wish to revert back to the more secure setting, simply run this command:

certutil -setreg chain\minRSAPubKeyBitLength 1024

 

Sources:

http://support.microsoft.com/kb/2661254
http://social.technet.microsoft.com/Forums/en/ieitprocurrentver/thread/5fdf4b07-30e6-4a0b-bb08-9adc45d42d54