Re: Getting 403 Forbidden error. Client Cert didn't sent



Hi Marshall,

I tried and the certificate now included the option for exporting the private
key. I am still getting a 403 error. :<

Abel

"thawte" wrote:

> Hi there Abel
>
> I'd advise that you try exporting the SSL certificate again however
> include the option for exporting the private key as well and then try
> the process again. The private key is a very important component in a
> certificate key pair and could be the cause of the problem you
> experience.
>
> Regards
> Marshall
>
> Abel Chan wrote:
> > Hi there,
> >
> > I believe the CA is trusted on both client and server.
> >
> > To be 100% sure, the following is how I set up the certificate:
> >
> > Server side
> > -------------
> > 1) Purchased an official SSL Web Server certificate issued by Thawte Premium
> > Server CA.
> > 2) Installed SSL Web Server certificate on a back up server, which has
> > BizTalk on it.
> > 3) Test the certificate by posting a document to an external web site (https
> > posting) through a BizTalk channel by attaching the SSL Web Server
> > certificate. It passed the test so I am 100% sure the certificate is
> > installed correctly.
> > 4) Export the SSL Web Server certificate without a private key. (I tried
> > with private key before. I don't see any difference. Just to make it simple
> > without a private key)
> >
> > Client side
> > -------------
> > 1) Go to an XP client machine | MMC | Certificate and install the exported
> > certificate into Certificate (Local Computer) | Personal | Certificate.
> > 2) Double click on the certificate and it shows: This certificate is
> > intended for the following purpose(s): Ensures the identity of a remote
> > computer. Proves your identity to a remote computer. All other information
> > is correct including expiration date.
> > 3) Go to Certificate (Local Computer) | Trusted Root Certification
> > Authorities | Certificates. Select Thawte Premium Server CA. Right mouse
> > click Properties and go to the General tab.
> > 4) Check the Client Authentication check box.
> > 5) Go back to Certificate (Local Computer) | Personal | Certificate.
> > Select the installed certificate. Right mouse click Properties and go to the
> > General tab.
> > 6) Verified that both Server Authentication and Client Authentication check
> > boxes are checked.
> > 7) Bring up an IE and try to hit the same external web site as described in
> > Server Side Step 3) above. (I don't have BizTalk installed on my client
> > machine.). A "Choose a digital certificate" window pops up but no
> > certificate is available from the list. Click OK and I got 403 error.
> > 8) Run the sample application that I posted in my first message. I got 403
> > error also.
> >
> > I just don't know where I messed up the setup process. I followed all standard
> > procedures but ... Could you please help me again?
> >
> > Thanks a lot.
> >
> > Abel
> >
> >
> > "Dominick Baier [DevelopMentor]" wrote:
> >
> > > Hello Abel,
> > >
> > > is the CA trusted on both client and server?
> > >
> > >
> > > ---------------------------------------
> > > Dominick Baier - DevelopMentor
> > > http://www.leastprivilege.com
> > >
> > > > Hi Dominick,
> > > >
> > > > Thanks for your prompt response. I really appreciate it.
> > > >
> > > > I took the suggestion stated at
> > > > http://www.leastprivilege.com/IIS6AndClientCertificates.aspx
> > > >
> > > > and enabled the Client Authentication under Thawte Premium Server CA.
> > > > Now if I look at the official Thawte client cer property, I can see
> > > > both Server and Client Authentication are checked.
> > > >
> > > > However, I am still getting the same 403 error when I ran the code.
> > > > If I bring up my IE, I still can't see my client cert as an available
> > > > option. Did I miss a step?
> > > >
> > > > Thanks.
> > > >
> > > > Abel
> > > >
> > > > "Dominick Baier [DevelopMentor]" wrote:
> > > >
> > > >> Hello Abel,
> > > >>
> > > >> maybe this helps:
> > > >> http://www.leastprivilege.com/IIS6AndClientCertificates.aspx
> > > >> ---------------------------------------
> > > >> Dominick Baier - DevelopMentor
> > > >> http://www.leastprivilege.com
>
>
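
An added example, not part of the thread or any poster's code: the exchange above turns on whether the installed certificate carries a private key and is valid for client authentication. This PowerShell check reports both for every certificate in the Personal stores of the computer and the current user; the function name Test-ClientCertCandidate is hypothetical.

```powershell
# Added diagnostic (not from the thread). Lists certificates in the Personal
# store of the local computer and of the current user, and reports the
# properties a TLS client certificate needs before it can be presented.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

function Test-ClientCertCandidate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Locate the Enhanced Key Usage extension inside the certificate, if any.
    $eku = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

    # A certificate with no EKU extension is not restricted to specific purposes.
    $allowsClientAuth = (-not $eku) -or
        [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })

    $notExpired = $Certificate.NotAfter -gt (Get-Date)

    [pscustomobject]@{
        Subject          = $Certificate.Subject
        Issuer           = $Certificate.Issuer
        Thumbprint       = $Certificate.Thumbprint
        NotAfter         = $Certificate.NotAfter
        HasPrivateKey    = $Certificate.HasPrivateKey
        AllowsClientAuth = $allowsClientAuth
        # Without the private key the client cannot sign the TLS handshake,
        # so the certificate cannot be used to authenticate.
        Usable           = $Certificate.HasPrivateKey -and $allowsClientAuth -and $notExpired
    }
}

foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    Get-ChildItem -Path $store |
        ForEach-Object { Test-ClientCertCandidate -Certificate $_ } |
        Select-Object @{ n = 'Store'; e = { $store } }, * |
        Format-Table -AutoSize
}
```

The script reads only the EKU extension embedded in the certificate; purpose check boxes set through the certificate's Properties dialog are stored separately and are not reflected here.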