Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SSL client certificate is required

Posted on 2008-10-09
8
Medium Priority
?
1,579 Views
Last Modified: 2008-11-27
We have several web sites that are password protected and SSL enabled, but not PKI enabled.  A few users from one of our hosted sites state that they are being prompted to provide PKI credentials when trying to access the site.  Our server is running Windows 2003.  We are ignoring certificates and using basic authentication.  The following is the error what the users receive:

HTTP Error 403.7 - Forbidden: SSL client certificate is required
 
As you probably know, PKI settings are established server-wide and not by individual site.  We have over 100 password protected/SSL enabled sites on the same web server.  None of the other hosted web sites are experiencing the same problem.  Is it same to assume that the problem is not a server issue, but with the users browser or perhaps required by a firewall setting?  If so, do you know of a solution?
 
Any information is greatly appreciated.
0
Comment
Question by:John Sheehy
  • 3
  • 3
8 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22687159
SSL indicates PKI - PKI is anything certificate related, which SSL uses certs.  PKI settings CAN be established server wide, but are normally set for individual sites.  The cert may apply to the whole server, but whether to force SSL, etc. is a setting for the site as you want your password pages SSL enabled, but typically not the entire site as this would result in major performance issues.

This type of setting for requesting client certs can be enabled for an individual page.  Presuming IIS, open up the page and look on the File Security tab, then click Edit under Secure Communications, then see if it may be set for "requre client certificates".  If not here, then work your way up the tree for the site and see if the same may exist, it may be under Directory Security tab for other areas.
0
 

Author Comment

by:John Sheehy
ID: 22710935
We are hosting our websites using Windows SharePoint Services 2.0.  We are also using host headers.  We have one virtual server that hosts all of the SSL enabled websites.  I have verified on the virtual server settings under the secure communications section that we are ignoring client certificates.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22720315
Here's a guide for how to do this with sharepoint:
http://office.microsoft.com/en-us/sharepointportaladmin/HA011647711033.aspx
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 

Author Comment

by:John Sheehy
ID: 22722128
Thank you for the URL.  I have verified that our configuration of the certificate is correct.  However, the content manager of one of our hosted sites is still being prompted for PKI credentials.

I am going to research to see if the problem is with the user's browser.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 2000 total points
ID: 22731568
Might see if they have SSO (single sign on) or something where it might be prompting them for their PIN to access that?  Maybe they just don't use it for many things.  I know the smartcard software I used to test for was managed so the users may or may not have enrolled their own page - some pop up automatically and some are done on demand for training a page for recognition.  Our SSO was stored on the card, but there are plenty of other SSO products that are not smartcard enabled.

Maybe have them try on another box, another user account, etc.
0
 

Author Comment

by:John Sheehy
ID: 22740619
Roger that.  Thank you for the information
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question