Hi
I have placed my web application on a web server that runs IIS 6.0 on windows server 2003 Standard Edition. I have assigned an SSL certificate to the site and set it to require secure channel (SSL) and to require client certificates for authentication. The SSL server certificate is correctly installed with every other certificate in the the certificate path correctly placen in its apropriate certificate store trusted root and intermediate. The client certificate is installed and working properly as well. When i remove the option require client certificate and put the ignore or accept client certificate i can acces the web page through HTTPS, but whe the option require client certificate is selected i recieve the message "The page requires a valid SSL client certificate" with the error "HTTP Error 403.13 - Forbidden: Client certificate has been revoked on the Web server.". The client certificate is valid and has not been revoked and the server certificate is valid as well.
In my next step i downloaded the client certificate "Certificate Revocation List (CRL)" and placed it in the personal certificate store on the local computer where the server certificate is placed and at that point i was allowed access to the web page with the option require client certificate selected on the IIS. The problem is that the list i downloaded is static and the list on the CA server is updated every 3 hours so this won't do me much good.
The web server is behind ISA Server 2004 with rule set to Enable All Outbound Traffic for the server where the web application is hosted. When i copry the URL in IExplorer i am allowed to download the CRL.
Can you please help me in finding a solution to this problem
Thanks
Start Free Trial
