Solved

SSL client certificate is required

Posted on 2008-10-09
8
1,391 Views
Last Modified: 2008-11-27
We have several web sites that are password protected and SSL enabled, but not PKI enabled.  A few users from one of our hosted sites state that they are being prompted to provide PKI credentials when trying to access the site.  Our server is running Windows 2003.  We are ignoring certificates and using basic authentication.  The following is the error what the users receive:

HTTP Error 403.7 - Forbidden: SSL client certificate is required
 
As you probably know, PKI settings are established server-wide and not by individual site.  We have over 100 password protected/SSL enabled sites on the same web server.  None of the other hosted web sites are experiencing the same problem.  Is it same to assume that the problem is not a server issue, but with the users browser or perhaps required by a firewall setting?  If so, do you know of a solution?
 
Any information is greatly appreciated.
0
Comment
Question by:John Sheehy
  • 3
  • 3
8 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22687159
SSL indicates PKI - PKI is anything certificate related, which SSL uses certs.  PKI settings CAN be established server wide, but are normally set for individual sites.  The cert may apply to the whole server, but whether to force SSL, etc. is a setting for the site as you want your password pages SSL enabled, but typically not the entire site as this would result in major performance issues.

This type of setting for requesting client certs can be enabled for an individual page.  Presuming IIS, open up the page and look on the File Security tab, then click Edit under Secure Communications, then see if it may be set for "requre client certificates".  If not here, then work your way up the tree for the site and see if the same may exist, it may be under Directory Security tab for other areas.
0
 

Author Comment

by:John Sheehy
ID: 22710935
We are hosting our websites using Windows SharePoint Services 2.0.  We are also using host headers.  We have one virtual server that hosts all of the SSL enabled websites.  I have verified on the virtual server settings under the secure communications section that we are ignoring client certificates.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22720315
Here's a guide for how to do this with sharepoint:
http://office.microsoft.com/en-us/sharepointportaladmin/HA011647711033.aspx
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:John Sheehy
ID: 22722128
Thank you for the URL.  I have verified that our configuration of the certificate is correct.  However, the content manager of one of our hosted sites is still being prompted for PKI credentials.

I am going to research to see if the problem is with the user's browser.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22731568
Might see if they have SSO (single sign on) or something where it might be prompting them for their PIN to access that?  Maybe they just don't use it for many things.  I know the smartcard software I used to test for was managed so the users may or may not have enrolled their own page - some pop up automatically and some are done on demand for training a page for recognition.  Our SSO was stored on the card, but there are plenty of other SSO products that are not smartcard enabled.

Maybe have them try on another box, another user account, etc.
0
 

Author Comment

by:John Sheehy
ID: 22740619
Roger that.  Thank you for the information
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now