Re: Getting 403 Forbidden error. Client Cert didn't sent
- From: Abel Chan <awong@xxxxxxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 11:42:04 -0800
Hi there,
I believe the CA is trusted on both client and server.
To be 100% sure, the following is how I set up the certificate:
Server side
-------------
1) Purchased an official SSL Web Server certificate issued by Thawte Premium
Server CA.
2) Installed SSL Web Server certificate on a back up server, which has
BizTalk on it.
3) Test the certificate by posting a document to an external web site (https
posting) through a BizTalk channel by attaching the SSL Web Server
certificate. It passed the test so I am 100% sure the certificate is
installed correctly.
4) Export the SSL Web Server certificate without a private key. (I tried
with private key before. I don’t see any difference. Just to make it simple
without a private key)
Client side
-------------
1) Go to an XP client machine | MMC | Certificate and install the exported
certificate into Certificate (Local Computer) | Personal | Certificate.
2) Double click on the certificate and it shows: This certificate is
intended for the following purpose(s): Ensures the identity of a remote
computer. Proves your identity to a remote computer. All other information
is correct including expiration date.
3) Go to Certificate (Local Computer) | Trusted Root Certification
Authorities | Certificates. Select Thawte Premium Server CA. Right mouse
click Properties and go to the General tab.
4) Check the Client Authentication check box.
5) Go back to Certificate (Local Computer) | Personal | Certificate.
Select the installed certificate. Right mouse click Properties and go to the
General tab.
6) Verified that both Server Authentication and Client Authentication check
boxes are checked.
7) Bring up an IE and try to hit the same external web site as described in
Server Side Step 3) above. (I don’t have BizTalk installed on my client
machine.). A “Choose a digital certificate” window pops up but no
certificate is available from the list. Click OK and I got 403 error.
8) Run the sample application that I posted in my first message. I got 403
error also.
I just don’t know where I messed up the setup process. I followed all standard
procedures but … Could you please help me again?
Thanks a lot.
Abel
"Dominick Baier [DevelopMentor]" wrote:
> Hello Abel,
>
> is the CA trusted on both client and server?
>
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hi Dominick,
> >
> > Thanks for your prompt response. I really appreciate it.
> >
> > I took the suggestion stated at
> > http://www.leastprivilege.com/IIS6AndClientCertificates.aspx
> >
> > and enabled the Client Authentication under Thawte Premium Server CA.
> > Now if I look at the official Thawte client cer property, I can see
> > both Server and Client Authentication are checked.
> >
> > However, I am still getting the same 403 error when I ran the code.
> > If I bring up my IE, I still can't see my client cert as an available
> > option. Did I miss a step?
> >
> > Thanks.
> >
> > Abel
> >
> > "Dominick Baier [DevelopMentor]" wrote:
> >
> >> Hello Abel,
> >>
> >> maybe this helps:
> >> http://www.leastprivilege.com/IIS6AndClientCertificates.aspx
> >> ---------------------------------------
> >> Dominick Baier - DevelopMentor
> >> http://www.leastprivilege.com
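
The store setup described in this message can be inspected from PowerShell. The following is an added example, not part of the original thread: it lists the certificates in the Personal store of the current user and of the local computer and reports, for each, whether the private key is present, whether the certificate's own Enhanced Key Usage allows client authentication, and whether it is within its validity period (a certificate can only be used for TLS client authentication when its private key is on the client). It assumes Windows PowerShell 3.0 or later; the function name `Test-ClientAuthCandidate` is hypothetical.

```powershell
# Added diagnostic example (not from the thread).
# Reports, per certificate in the Personal stores, the properties that matter
# for TLS client authentication.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

function Test-ClientAuthCandidate {   # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Store
    )

    # Read the EKU extension embedded in the certificate itself. The purpose
    # check boxes in the MMC Properties dialog are store properties and are
    # not visible here.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $oids = @()
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # A certificate without an EKU extension is not restricted to any purpose.
    $ekuOk   = (-not $eku) -or ($oids -contains $clientAuthOid)
    $now     = Get-Date
    $inDates = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)

    [pscustomobject]@{
        Store         = $Store
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        ClientAuthEku = $ekuOk
        InValidity    = $inDates
        Usable        = $Cert.HasPrivateKey -and $ekuOk -and $inDates
    }
}

$results = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem -Path $store | ForEach-Object {
        Test-ClientAuthCandidate -Cert $_ -Store $store
    }
}

# One block per certificate; Usable = False means one of the checks failed.
$results | Format-List
```

The server also has to list the certificate's issuing CA among the CAs it accepts for client certificates, which this local check cannot see.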