HTTP 403.13 - Forbidden: Client certificate revoked
Harsha
We are trying to host a secure webservice over IIS 5.0 using server and client authentication certificates.
Here are the details of the steps we followed to setup Client Authent:
1) Created a server certificate request and submitted the same to Verisign.
2) Installed the Verisign supplied test(trial) server ceritificate on the server.
3) Installed the Test CA root certificate on both the server and the client.
At this point we were able to get the secure webservice accessible through HTTPS with only server authentication.
4) Created a client certificate request and submitted the same to Verisign.
5) Installed the Verisign supplied test(trial) client certificate on the client.
6) Enabled the 'Require Client Certificates' option in the IIS Directory Security for the Virtual Directory where the webservice components(Activex DLL, wsdl, wsml etc) are placed.
At this point when we tried to access the Webservice, we get a 'HTTP 403.13 - Forbidden: Client certificate revoked' error.
We even tried to access the wsdl file using browser by typing in https://<server>:8443/<VirtualDirectory>/Server/server.wsdl, but we get the same error even with the HTTP GET method which again says - HTTP 403.13 - Forbidden: Client certificate revoked.
We later read an article in msdn (Article no. 294305) which talks abou this error.
We later retrievd the CRL(Certificate Revocation List) rom verisign (http://crl.verisign.com/SecureServerTestingCA.crl) and verified that the serial no. of our client certificate is not listed in the CRL, so this confirms that the certificate has not been revoked.
Any idea why we get this error message still ?
Any help in this regard is greatly appreciated.
Thanks in advance...
Thanks & Regards,
Harsha.
rao202
Hi,
We are developing a web application that use mutual authentication and
encountered the same problem.
The IIS replies that the client certificate is revoked, but we check
the CRL points of entry and they are accesible.
In a second phase we install the first (top) CRL suggested in the
server, and obviously we check that the test certificate is not in the
list, but the problem persist.
Any ideas of the problem or suggestions?? Thank you.
--
rao202
------------------------------------------------------------------------
rao202's Profile: http://www.highdots.com/forums/m1414
View this thread: http://www.highdots.com/forums/t682534
taddub
Did you ever manage to solve this as I am having the same problem.
Cheers
Tad
Sebas
We recently had some problems in IIS when using certificate
authentication in a .NET application to connect with IIS.
ohaya
MS has a couple of tools that might help you diagnose the problem:
I haven't used AuthDiag myself, but when you run SSLDiag, it shows a
bunch of IIS settings and info, which might highlight something. Also,
I think that it has a way to act as the SSL client end.
Another possible tool is to use OpenSSL 'sclient'. When you run that,
it shows all of the client-server dialog, and you might find something
there.
When you said that "we install the first (top) CRL in the server", what
did you mean by that (install in the server)? Also, since you indicated
"top", is there a subCA/intermediate CA(s) involved? If so, have you
checked the sub/intermediate CAs CRLs to see if your client cert is in
them?
Jim
Vibhu Gupta
Posted via DevelopmentNow.com Groups
http://www.developmentnow.com/g/