IIS web server patches with certificates issued from EE-GovCA2018 chain(solved 13.11.2019)


NB! Microsoft IIS web server issue has been fixed on Windows Server 2016 (LTSC) with update KB4516061 and Windows Server 2019 (LTSC) with KB4520062 .

At the end of 2018, it became clear that the new certificates issued from the EE-GovCA2018 chain cannot authenticate against IIS web services using Safari (in macOS) or Google Chrome.

This issue was caused by a faulty implementation of Microsoft RFC 5246.

Microsoft has released a patch for the KB4516061 version of Windows Server 2016. The 2019 server has been patched with Windows Server Insider Preview and at the moment, Microsoft hasn't announced, when the fix will be available for users.

Additionally, Microsoft announced that the Windows Server 2012 and 2012R2 versions will unfortunately not be patched because these versions are not included in mainstream support products. Here, we recommend upgrading older versions of web servers to newer ones, or using other web browsers (Internet Explorer, Microsoft Edge, Mozilla Firefox) for newer ID cards.

More information on setting up ID card support for the IIS web server and a description of the problem can be found here.

More info help at ria dot ee.



If you didn't find an answer to your question, send it to our team.

  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance


  • Verification failed

How can we improve the article and be more helpful?
Send Close