Why does IIS Give clients 403 Forbidden Errors?

Points of My Scenario
1. I am admin of a IIS7 web server on Windows Server 2008 R2.
2. Clients connect to the server's website using HTTPS
3. When the website is configured to "Require SSL" and to accept client certificates, clients (browsers) get a HTTP 403 Forbidden error when connecting by HTTPS.
4. When the "Require SSL" setting is removed from the website, clients can successfully connect, although using HTTPS again.
QUESTION: If clients are using HTTPS in both cases, why do they fail when the website is configured to "Require SSL"?
waltforbesSenior IT SpecialistAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Hendrik WieseConnect With a Mentor Information Security ManagerCommented:
This is obviously a permission issue.

You can view all the forbidden codes here and select the KB within the code description to see the resolution.
0
 
Hendrik WieseInformation Security ManagerCommented:
have you created the SSL Certificate in IIS7?
0
 
Hendrik WieseInformation Security ManagerCommented:
You can click here for full instruction on how to setup SSL on IIS7.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
waltforbesSenior IT SpecialistAuthor Commented:
To HendrikWiese: I have acquired a certificate from our CA (certificate authority) and binded it to the website successfully: note that clients can access the website by HTTPS successfully. The problem arises only when the website is configured to require SSL. I have verified the instructions you sent in the link (http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/).
0
 
Hendrik WieseInformation Security ManagerCommented:
Please have a look at the following and let me know if it helps?

http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_26561310.html
0
 
Hendrik WieseInformation Security ManagerCommented:
Have you tried the following:

To resolve this problem, follow these steps:1.In Windows Explorer, locate the folder of the virtual directory, or locate the folder of the Web site.
2.Right-click the folder, and then click Properties.
3.Click the Security tab, and then click Edit.
4.In the Group or user names box, click the account to which you want to grant the Write permission, and then click to select the Write check box.
5.Click OK.

Reference: http://support.microsoft.com/kb/942035
0
 
waltforbesSenior IT SpecialistAuthor Commented:
HendrikWiese: the codes are what I needed most. Many thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.