Unable to set up client certificate, error 403.7

From: David Carr (David_Carr_at_NoSpamCanada.Com)
Date: 05/03/05

  • Next message: Ken Schaefer: "Re: Unable to set up client certificate, error 403.7" 
    Date: Mon, 2 May 2005 16:46:33 -0700

    Hi,

    I am trying to set up a simple test case, following verbatim MS's tutorial
    "How To Set Up Client Certificates".
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod31.asp
    Unfortunately I am not having success.

    My configuration is as follows; IIS is run on my Windows 2000 Professional
    (NOT server) developer machine, and the client is viewing the simple
    WebForm1.aspx which extracts the username and tests whether the request had
    a client certificate. The client is a Win2K box running IE6. Neither of
    these machines are in a domain.

    private void Page_Load(object sender, System.EventArgs e)
    {
        string username;
        username = User.Identity.Name;
        if (username.Length <= 0)
            username = "User.Identity.Name is blank";
        lblMessage.Text = "Welcome " + username;
        HttpClientCertificate cert = Request.ClientCertificate;
        if (cert.IsPresent)
            certData.Text = "Client certificate retrieved";
        else
            certData.Text = "No client certificate yet";
    }

    The Client Certificate was requested from a Windows 2000 Server (different
    box than my box where IIS and the code above is run). This server is
    running Certificate Services as a Stand Alone CA.

    When IIS is configured to simply "Accept client certificates", the
    User.Identity.Name is blank and there is no client certificate. When IIS is
    changed to "Require client certificates", I receive an error HTTP 403.7
    stateing that "the page requires a client certificate".

    This problem seems identical to that discussed ("Client certificate
    problem") and unresolved by Felix Planjer/Miha Pihler/brik on 2004.Dec.14 in
    this newsgroup.
    http://groups.google.ca/groups?selm=unwTLRc4EHA.3388%40TK2MSFTNGP15.phx.gbl
    Unfortunately their thread was never terminated with a resolution.

    Any help would be much appreciated. Best regards,
    David

  • Next message: Ken Schaefer: "Re: Unable to set up client certificate, error 403.7"

    Relevant Pages

    • Strange IIS 5 problem with client certificates
      ... We are having a strange IIS 5.0 problem involving client certificates. ... We have a system with a central server running Win2K and IIS 5.0, ... HTTPS, authenticate themselves via client certificate, and then POST data to ...
      (microsoft.public.inetserver.iis.security)
    • Re: IIS 6.0 cannot download a Verisign CRL !!
      ... Does the IIS server have outbound permission through its proxy? ... > using Verisign client certificates for a .NET application. ... > The revocation function was unable to check revocation because the ... > Your client certificate was revoked, or the revocation status could not ...
      (microsoft.public.security)
    • FP2003 and IIS 6.0 With Client Certificates Fails
      ... CertCheckMode to 1 on the server. ... (that's how my similarly-configured IIS 5.0 server works, ... the client certificate and the web site fails to open, ...
      (microsoft.public.frontpage.client)
    • RE: Set client certificate is IIS
      ... Install Client Certificate on IIS Server for ServerXMLHTTP ... |>This example uses a serialized certficate store because ...
      (microsoft.public.inetserver.iis.security)
    • RE: HTTPS Send Port + Client Certificate Authentication
      ... errors defined in IIS are: ... - Client certificate required. ... This error code is specific to IIS 6.0. ... If the web server is IIS6 on Win2K3, you can collect the web site's ...
      (microsoft.public.biztalk.general)
    • Quantcast