Server-Gated Cryptography

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Server-Gated Cryptography (SGC) offers financial institutions a solution for worldwide financial transactions by using 128-bit encryption. SGC is an extension of SSL that enables financial institutions with export versions of IIS to use strong encryption.

SGC does not require an application to run on the client browser and will enable export clients to connect with 128-bit strength. Although SGC capabilities are built into IIS 4.0, 5.0, and 6.0, an SGC certificate is required to use SGC. Contact your CA for availability information.

If you want to support clients that run software without strong encryption support, you need only SGC certificates. On January 14, 2000, the United States government eliminated the remaining export controls for most computer hardware and software products that incorporate strong encryption, which was defined as products that implemented symmetric key encryption with key lengths of over 64 bits. Windows 2000 Server was the first platform to be shipped internationally under the new regulations with 128-bit+ encryption. For information about United States export regulations, see United States Commerce Department Bureau of Industry and Security. For more information about exporting Microsoft products, see Exporting Microsoft Products.


If you are running Windows 2000 and you open your SGC certificate, you might receive the following notice on the General tab: "The certificate has failed to verify for all its intended purposes." This notice is issued because of the way SGC certificates interact with Windows 2000 Server and does not necessarily indicate that the certificate does not work correctly.