?
Solved

requires client certificate authentification error message?

Posted on 2009-07-08
10
Medium Priority
?
191 Views
Last Modified: 2012-05-07
Hi,

we have a series on monitors that check Intranet URLs every 30 minutes. We got an error this morning retrieving one of the URLs and the message back was "requires client certificate authentification".
The program didn't actually fail. Have a look at the URL that we use to do the check:
https://IPADDRESS/Originations/OriginationsService.asmx
So, you can see by the HTTPS that is it certificate based but what would throwup the error? It is the same system that checks the URL all the time so i don't understand the failure?
Many thanks.
0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 12

Expert Comment

by:marcustech
ID: 24802281
Maybe the certificate has become corrupt or expired? Can you try and reinstall the certificate?
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802320
That's just the thing. It is now working. What di=oes, or did that error mean then?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24802365
SSL uses client authetication for security, if the certificates on the server and client are out of sync then you will get this message.

If it's working now, I imagine the server has issues a new accepted certificate to the client, and you shouldn't need to worry anymore.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802746
Thanks mate. Is there any way that i can tell whether the certificate on teh server has been updated recently, via stamp date etc etc?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24803187
you can go to the page, click on the padlock to view the certificate and check the issued/expiry dates
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24803211
Forgot to mention it will be the server that will be handing out the authetication certificates to the clients. It won't have changed, it would be the clients which have. You can check this with the above mentioned method.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24804332
Hello, thanks fo rthe info. I've checked teh certificate on teh client and it's not due to expire until september 09. Is it not possible that the cerver certificate changed but the client didn't down load it?
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 300 total points
ID: 24804596
Can also try Internet Options - Content tab - Clear SSL State button and close/reopen browser.

there may also be a chance that someone changed something on the server to require the client auth certificate where it did not before.

another possibility is if the script changed the user context that it was running under (now running as user instead of computer account, or as a different user)
0
 
LVL 12

Accepted Solution

by:
marcustech earned 1700 total points
ID: 24804709
It's unlikely the server's certificate changed if other clients didn't receive the same notification.

If you check on the client when the certificate was issued on a machine which didn't receive the message, and the issue date is older than when the message occured and no message has been generated in that session then it suggests the server and the client are still in sync and therefore the server certificate hasn't changed since it was issued. In which case it was the client in which the message appeared on who's certificate had become changed. If it's no longer coming up, then the server has issued a new certificate and everything should now be ok.
0
 
LVL 1

Author Closing Comment

by:Jason Thomas
ID: 31601035
Thanks very much guys.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question