Solved

requires client certificate authentification error message?

Posted on 2009-07-08
10
175 Views
Last Modified: 2012-05-07
Hi,

we have a series on monitors that check Intranet URLs every 30 minutes. We got an error this morning retrieving one of the URLs and the message back was "requires client certificate authentification".
The program didn't actually fail. Have a look at the URL that we use to do the check:
https://IPADDRESS/Originations/OriginationsService.asmx
So, you can see by the HTTPS that is it certificate based but what would throwup the error? It is the same system that checks the URL all the time so i don't understand the failure?
Many thanks.
0
Comment
Question by:Jason Thomas
  • 5
  • 4
10 Comments
 
LVL 12

Expert Comment

by:marcustech
ID: 24802281
Maybe the certificate has become corrupt or expired? Can you try and reinstall the certificate?
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802320
That's just the thing. It is now working. What di=oes, or did that error mean then?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24802365
SSL uses client authetication for security, if the certificates on the server and client are out of sync then you will get this message.

If it's working now, I imagine the server has issues a new accepted certificate to the client, and you shouldn't need to worry anymore.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24802746
Thanks mate. Is there any way that i can tell whether the certificate on teh server has been updated recently, via stamp date etc etc?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 24803187
you can go to the page, click on the padlock to view the certificate and check the issued/expiry dates
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 12

Expert Comment

by:marcustech
ID: 24803211
Forgot to mention it will be the server that will be handing out the authetication certificates to the clients. It won't have changed, it would be the clients which have. You can check this with the above mentioned method.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 24804332
Hello, thanks fo rthe info. I've checked teh certificate on teh client and it's not due to expire until september 09. Is it not possible that the cerver certificate changed but the client didn't down load it?
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 75 total points
ID: 24804596
Can also try Internet Options - Content tab - Clear SSL State button and close/reopen browser.

there may also be a chance that someone changed something on the server to require the client auth certificate where it did not before.

another possibility is if the script changed the user context that it was running under (now running as user instead of computer account, or as a different user)
0
 
LVL 12

Accepted Solution

by:
marcustech earned 425 total points
ID: 24804709
It's unlikely the server's certificate changed if other clients didn't receive the same notification.

If you check on the client when the certificate was issued on a machine which didn't receive the message, and the issue date is older than when the message occured and no message has been generated in that session then it suggests the server and the client are still in sync and therefore the server certificate hasn't changed since it was issued. In which case it was the client in which the message appeared on who's certificate had become changed. If it's no longer coming up, then the server has issued a new certificate and everything should now be ok.
0
 
LVL 1

Author Closing Comment

by:Jason Thomas
ID: 31601035
Thanks very much guys.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video discusses moving either the default database or any database to a new volume.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now