Solved

SSL client certificate is required

Posted on 2008-10-09
8
1,450 Views
Last Modified: 2008-11-27
We have several web sites that are password protected and SSL enabled, but not PKI enabled.  A few users from one of our hosted sites state that they are being prompted to provide PKI credentials when trying to access the site.  Our server is running Windows 2003.  We are ignoring certificates and using basic authentication.  The following is the error what the users receive:

HTTP Error 403.7 - Forbidden: SSL client certificate is required
 
As you probably know, PKI settings are established server-wide and not by individual site.  We have over 100 password protected/SSL enabled sites on the same web server.  None of the other hosted web sites are experiencing the same problem.  Is it same to assume that the problem is not a server issue, but with the users browser or perhaps required by a firewall setting?  If so, do you know of a solution?
 
Any information is greatly appreciated.
0
Comment
Question by:John Sheehy
  • 3
  • 3
8 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22687159
SSL indicates PKI - PKI is anything certificate related, which SSL uses certs.  PKI settings CAN be established server wide, but are normally set for individual sites.  The cert may apply to the whole server, but whether to force SSL, etc. is a setting for the site as you want your password pages SSL enabled, but typically not the entire site as this would result in major performance issues.

This type of setting for requesting client certs can be enabled for an individual page.  Presuming IIS, open up the page and look on the File Security tab, then click Edit under Secure Communications, then see if it may be set for "requre client certificates".  If not here, then work your way up the tree for the site and see if the same may exist, it may be under Directory Security tab for other areas.
0
 

Author Comment

by:John Sheehy
ID: 22710935
We are hosting our websites using Windows SharePoint Services 2.0.  We are also using host headers.  We have one virtual server that hosts all of the SSL enabled websites.  I have verified on the virtual server settings under the secure communications section that we are ignoring client certificates.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22720315
Here's a guide for how to do this with sharepoint:
http://office.microsoft.com/en-us/sharepointportaladmin/HA011647711033.aspx
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:John Sheehy
ID: 22722128
Thank you for the URL.  I have verified that our configuration of the certificate is correct.  However, the content manager of one of our hosted sites is still being prompted for PKI credentials.

I am going to research to see if the problem is with the user's browser.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22731568
Might see if they have SSO (single sign on) or something where it might be prompting them for their PIN to access that?  Maybe they just don't use it for many things.  I know the smartcard software I used to test for was managed so the users may or may not have enrolled their own page - some pop up automatically and some are done on demand for training a page for recognition.  Our SSO was stored on the card, but there are plenty of other SSO products that are not smartcard enabled.

Maybe have them try on another box, another user account, etc.
0
 

Author Comment

by:John Sheehy
ID: 22740619
Roger that.  Thank you for the information
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Anyone paid a Zepto/Locky ransom? 10 419
How to keep a password file on your Windows PC? 21 212
Windows 10 BitLocker 3 47
Data Encryption 3 37
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question