Solved

requires client certificate authentification error message?

Posted on 2009-07-08
10
178 Views
Last Modified: 2012-05-07
Hi,

we have a series on monitors that check Intranet URLs every 30 minutes. We got an error this morning retrieving one of the URLs and the message back was "requires client certificate authentification".
The program didn't actually fail. Have a look at the URL that we use to do the check:
https://IPADDRESS/Originations/OriginationsService.asmx
So, you can see by the HTTPS that is it certificate based but what would throwup the error? It is the same system that checks the URL all the time so i don't understand the failure?
Many thanks.
0
Comment
Question by:Jason Thomas
  • 5
  • 4
10 Comments
 
LVL 12

Expert Comment

by:marcustech
ID: 24802281
Maybe the certificate has become corrupt or expired? Can you try and reinstall the certificate?
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802320
That's just the thing. It is now working. What di=oes, or did that error mean then?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24802365
SSL uses client authetication for security, if the certificates on the server and client are out of sync then you will get this message.

If it's working now, I imagine the server has issues a new accepted certificate to the client, and you shouldn't need to worry anymore.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802746
Thanks mate. Is there any way that i can tell whether the certificate on teh server has been updated recently, via stamp date etc etc?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24803187
you can go to the page, click on the padlock to view the certificate and check the issued/expiry dates
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 12

Expert Comment

by:marcustech
ID: 24803211
Forgot to mention it will be the server that will be handing out the authetication certificates to the clients. It won't have changed, it would be the clients which have. You can check this with the above mentioned method.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24804332
Hello, thanks fo rthe info. I've checked teh certificate on teh client and it's not due to expire until september 09. Is it not possible that the cerver certificate changed but the client didn't down load it?
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 75 total points
ID: 24804596
Can also try Internet Options - Content tab - Clear SSL State button and close/reopen browser.

there may also be a chance that someone changed something on the server to require the client auth certificate where it did not before.

another possibility is if the script changed the user context that it was running under (now running as user instead of computer account, or as a different user)
0
 
LVL 12

Accepted Solution

by:
marcustech earned 425 total points
ID: 24804709
It's unlikely the server's certificate changed if other clients didn't receive the same notification.

If you check on the client when the certificate was issued on a machine which didn't receive the message, and the issue date is older than when the message occured and no message has been generated in that session then it suggests the server and the client are still in sync and therefore the server certificate hasn't changed since it was issued. In which case it was the client in which the message appeared on who's certificate had become changed. If it's no longer coming up, then the server has issued a new certificate and everything should now be ok.
0
 
LVL 1

Author Closing Comment

by:Jason Thomas
ID: 31601035
Thanks very much guys.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now