Solved

requires client certificate authentification error message?

Posted on 2009-07-08
10
183 Views
Last Modified: 2012-05-07
Hi,

we have a series on monitors that check Intranet URLs every 30 minutes. We got an error this morning retrieving one of the URLs and the message back was "requires client certificate authentification".
The program didn't actually fail. Have a look at the URL that we use to do the check:
https://IPADDRESS/Originations/OriginationsService.asmx
So, you can see by the HTTPS that is it certificate based but what would throwup the error? It is the same system that checks the URL all the time so i don't understand the failure?
Many thanks.
0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 12

Expert Comment

by:marcustech
ID: 24802281
Maybe the certificate has become corrupt or expired? Can you try and reinstall the certificate?
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802320
That's just the thing. It is now working. What di=oes, or did that error mean then?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24802365
SSL uses client authetication for security, if the certificates on the server and client are out of sync then you will get this message.

If it's working now, I imagine the server has issues a new accepted certificate to the client, and you shouldn't need to worry anymore.
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802746
Thanks mate. Is there any way that i can tell whether the certificate on teh server has been updated recently, via stamp date etc etc?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24803187
you can go to the page, click on the padlock to view the certificate and check the issued/expiry dates
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24803211
Forgot to mention it will be the server that will be handing out the authetication certificates to the clients. It won't have changed, it would be the clients which have. You can check this with the above mentioned method.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24804332
Hello, thanks fo rthe info. I've checked teh certificate on teh client and it's not due to expire until september 09. Is it not possible that the cerver certificate changed but the client didn't down load it?
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 75 total points
ID: 24804596
Can also try Internet Options - Content tab - Clear SSL State button and close/reopen browser.

there may also be a chance that someone changed something on the server to require the client auth certificate where it did not before.

another possibility is if the script changed the user context that it was running under (now running as user instead of computer account, or as a different user)
0
 
LVL 12

Accepted Solution

by:
marcustech earned 425 total points
ID: 24804709
It's unlikely the server's certificate changed if other clients didn't receive the same notification.

If you check on the client when the certificate was issued on a machine which didn't receive the message, and the issue date is older than when the message occured and no message has been generated in that session then it suggests the server and the client are still in sync and therefore the server certificate hasn't changed since it was issued. In which case it was the client in which the message appeared on who's certificate had become changed. If it's no longer coming up, then the server has issued a new certificate and everything should now be ok.
0
 
LVL 1

Author Closing Comment

by:Jason Thomas
ID: 31601035
Thanks very much guys.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question