Enabling SHA2 Certificate Support on Windows Server 2003


Solution 1

The Crypt32.dll 5.131.3790.5235 version fixes the issue (after a reboot). It is available at http://support2.microsoft.com/kb/2868626

The previously installed version was 5.131.3790.5014 version and it did not fix the issue. According to this post (https://mendel129.wordpress.com/tag/crypt32-dll/), there are two variants of the 5014 version: one from Windows Update (KB2661254, does not work) and another as a QFE (KB968730).

Solution 2

This problem is solved by installing KB3072630, which is installed automatically if you have Windows Update enabled. The version number of Crypt32.dll is 5.131.3790.5668 after the update.

KB938397 and KB968730 are deprecated and replaced by the update above.
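Added example, not code from either answer or from Microsoft: a PowerShell check that reads the build of the installed crypt32.dll and compares it with the builds named in the two solutions, then inspects the signature algorithm of a certificate file, builds its chain through CryptoAPI, and runs certutil -verify on it to look for the 0x80096004 error quoted in the question. It assumes PowerShell 2.0 is installed on the Windows Server 2003 host and that $certPath (a placeholder) points at the certificate exported from the site.

```powershell
# Added example, not code from the answers above or from Microsoft.
# Assumes PowerShell 2.0 on the Windows Server 2003 host and a certificate
# exported to the placeholder path in $certPath.

$certPath = 'C:\temp\site.cer'   # placeholder: the certificate you grabbed from the site

# crypt32.dll builds named in the two solutions:
#   5.131.3790.4477  shipped in the KB968730 hotfix
#   5.131.3790.5014  Windows Update variant (KB2661254), reported not to fix it
#   5.131.3790.5235  KB2868626, reported to fix it after a reboot
#   5.131.3790.5668  KB3072630, the current replacement
$knownGood = New-Object System.Version 5, 131, 3790, 5235

$dll = Join-Path $env:SystemRoot 'system32\crypt32.dll'
$fvi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($dll)
# FileVersion is a free-form string on Windows DLLs (it often carries a branch
# tag in parentheses), so build a comparable Version from the numeric parts.
$installed = New-Object System.Version $fvi.FileMajorPart, $fvi.FileMinorPart, $fvi.FileBuildPart, $fvi.FilePrivatePart

Write-Host ("crypt32.dll build: {0}" -f $installed)
if ($installed -lt $knownGood) {
    Write-Warning ("crypt32.dll {0} is older than {1}: install KB3072630 (or KB2868626) and reboot." -f $installed, $knownGood)
} else {
    Write-Host "crypt32.dll is at or above the build the answers report as working."
}

if (Test-Path $certPath) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
    # sha256RSA (OID 1.2.840.113549.1.1.11) is the algorithm the old crypt32.dll cannot verify.
    Write-Host ("Subject:             {0}" -f $cert.Subject)
    Write-Host ("Signature algorithm: {0} ({1})" -f $cert.SignatureAlgorithm.FriendlyName, $cert.SignatureAlgorithm.Value)

    # Build the chain through CryptoAPI, the same path IE and .NET's SslStream use.
    # On an unpatched host this is where a SHA-2 signed chain fails.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($cert)) {
        foreach ($s in $chain.ChainStatus) {
            Write-Host ("  chain status: {0} - {1}" -f $s.Status, $s.StatusInformation.Trim())
        }
    }

    # certutil reports the raw HRESULT; 0x80096004 is TRUST_E_CERT_SIGNATURE,
    # the "signature of the certificate can not be verified" line from the question.
    $verify = & certutil -verify $certPath
    $hit = $verify | Select-String -Pattern '0x80096004' -SimpleMatch
    if ($hit) {
        Write-Warning "certutil -verify returned TRUST_E_CERT_SIGNATURE (0x80096004): SHA-2 signatures are not being verified on this host."
    }
}
```

Run it once before patching to record the build and the failing chain status, and again after the reboot: the build should read 5.131.3790.5668 (or 5235) and the certutil warning should no longer appear.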


Author: grin0048

Updated on September 18, 2022

Comments

  • grin0048
    grin0048 almost 2 years

    A little background information first. I have an SSIS package that runs inside a Windows Server 2003 SP2 32 bit environment. The package recently started failing with the following error during a script task which downloads a webpage using an SSL connection:

    "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

    Some digging revealed a couple of things: I also could not access the website in question using IE8 from the server (I can with Firefox), and the website had just been issued a new SHA256 certificate.

    After doing some research, my current assumption is that the problem is that I don't have support for SHA2 certificates on this server. I grabbed the certificate from the site and ran CertUtil -verify [cert file] which gives the following result:

     The signature of the certificate can not be verified. 0x80096004 (-2146869244)

    I found a couple of hotfixes from Microsoft, and from what I understand, either of them should enable support for SHA2 certificates:

    So I requested the hotfix for kb968730 and attempted to install it, but got the following error:

    The installation cannot continue because the following packages might not be valid:
        KB2616676_V2 c:\windows\system32\dllcache\crypt32.dll 5.131.3790.4905
        KB2616676_V2 c:\windows\system32\crypt32.dll          5.131.3790.4905
    Reinstall the packages listed above, and then reinstall KB968730
    

    The version of the crypt32 library that is included with the hotfix is 5.131.3790.4477 which explains why the installer won't proceed.

    At this point I'm not quite sure what I need to do. The kb968730 article indicates that crypt32.dll is the only file that is updated by the hotfix which makes me think, since I have a newer version already, shouldn't I already have this functionality? But, it would seem as though I don't, unless I am mistaken about the root cause of the issue.

    • Michael Hampton
      Michael Hampton about 10 years
      Have you tried doing what it said and reinstalling the packages listed above?
    • grin0048
      grin0048 about 10 years
      I have not. I did a little poking around regarding that error message, and it sounds like that is what you'll get if you are attempting to install packages that are older than the ones you already have.
    • degenerate
      degenerate almost 9 years
      Googling this answer leads to the correct hotfixes; however, the default hotfix download is for Server 2003 64-bit. If you get the error that the file is for a different architecture, click the link to show all languages and versions, and you can download the x86 package. The direct link to the Server 2003 and SBS 2003 32-bit hotfix is hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix262679/…
    • reckface
      reckface over 8 years
      This was used to troubleshoot and fix an issue with dps.ws.hmrc.gov.uk/dpsauthentication/service, especially the fact that it doesn't load in IE8 (on most of the Windows 2003 server machines some of our customers have).
  • Ladadadada
    Ladadadada almost 8 years
    Although you got the same error message you had a different problem. Your answer does not help enabling SHA2 support on Windows Server 2003. You may be better off finding a question that more closely matches the answer you have.
  • youfu
    youfu almost 4 years