1. 403.16 Client certificate error BUT no Client Certificate is requi
We have ONE user for a SSL-enabled web application who is encountering the following error message: 403.16 - Forbidden: Client certificate is ill-formed or is not trusted by the Web server. User is using MSIE, version unknown. Application is on a Windows 2003, service pack 1 server using IIS 6.0. Wesite does not have a "certificate trust list" enabled. Our web application does require SSL. Our web application does NOT require any client certificates, and is in fact set to ignore client certificates. Any suggestions on what to do to diagnose this issue?
3. Web Service security using client certificate and IIS client certi
First, excuses for my English, i am not a native speaker ;-)) here we go I have developed a Web Service and configure it (IIS 6.0) to require SSL and a Client Certificate to be accessed. I've generated three certificates (a chain), in order to reproduce the process of web authentication with certificates. It was generated a root self-signed CA certificate (CN = AC RAIZ NOVO), an intermediate CA certificate (CN = AC INTERMEDIARIA NOVO) signed with the root certificate and an End Entity certificate (CN = ANDREI NOVO:77777777777777) signed with the intermediate certificate. (The generated certificates are attached to the .zip file) I've installed the chain in the Local Computer STORE on the Web Server executing the Web Service, so I would be able to present my client certificate (CN = ANDREI NOVO:77777777777777) to establish the trust connection I've have also created the CRL files issued (signed) by the CAs (CN = AC RAIZ NOVO and CN = AC INTERMEDIARIA NOVO) certificates, and made them available at the address configured on the CRLDistributionPoints extensions of the certificates The client End Entity certificate (CN = ANDREI NOVO:77777777777777, Serial Number = 33 33) was added to the CA (CN = AC INTERMEDIARIA NOVO) CRL file. Because the client certificate (CN = ANDREI NOVO:77777777777777) is present in the certification revocation list issued by its issuer (CN = AC INTERMEDIARIA NOVO), and this crl is pointed at the CRLDistributionPoints certificate extension, it was expected to be refused when it tries to access the resource, but it does not happens. This behavior occurs only with the certificates I have generated.. With others client certificates (REVOKED), the IIS Service blocks the access to the resource (Web Service) I have tried besides, do not publish any crl file at the address configured at the CRLDistributionPoints certificate extension, to see if the IIS Service blocks this certificate, but I did not have success. Both situations, it was expected to receive the HTTP 403.13 - Forbidden: Client certificate revoked , but the access to the Web Service is granted. Maybe, I am generating the Certificate or CRL in an incorrect format, I don't know .. but i thought that IIS should deny access for invalid certificates anyway... The IIS Web Server, where the accessed Web Service is hosted, is configured to check the CRL (Certification Revocation List) and it really does with other certificates If somebody could help me solve this problem I would be very thankful See attachments (OPS ... Is there a way of posting an attachment here ? )
4. 'Allow client certificates' and popup 'Choose Digital Certificate'
5. matching of Client Certificates with Server Certificates
Hello,
I wanted to know if the following properties of Server Certificates
to be matched with the Server Certificate?
1. Issuer
2. Issued
3. Thumbprint
4 Validity
1. if Private key in the Server Certificate should be associated with the
Client Certificate also?
2. If Server Certificate has only single purpose of "Server Authentication"
as displayed in its properties, can it be exported to .pfx/p7b format file to
be used as a Client Certificate. Please Help
Thanks in Advance
6. client certificate authentication using makecert certificate
7. Requesting client certificate - already have server certificate
I want to request and install a client certificate for an IIS 6 webserver that already has a server certificate installed. The server certificate is used when our customers connect to our secure website. The client certificate will be used when we connect to a third-party website which requires (and issues) client certficates. The CA's for the server certificate and the client certificate are completely distinct and unrelated (and both are third parties). The client certificate CA requires a CSR. I initially prepared a request as follows: 1. In IIS Manager, bringing up Properties for the website. 2. Clicking the Directory Security tab. 3. Clicking the Server Certificate button. 4. Clicking Next. 5. Clicking Renew the current certificate. 6. Completing the Wizard and saving the certificate request to a file. This generates a CSR. The certificate generated from it has the same "Issued To", "Friendly Name", etc. as the server certficate. My concern is that that may not be what I want. In particular, when I install the client certificate I don't want it to conflict in any way with the server certficate. Is this the appropriate way to generate the client certificate CSR? Thanks, David Montgomery
8. cannot see client certificate with IIS requesting certificate