Iis Require Ssl 403 Error
Contents |
Web Platform Installer Get Help: Ask a Question in our Forums More Help Resources Blogs Forums Home IIS.NET Forums IIS 7 and Above General Attempt to implement SSL in IIS 7.0 returns 403 - Forbidden: Access i... Attempt to implement SSL in IIS 403 forbidden access is denied iis7 client certificate 7.0 returns 403 - Forbidden: Access is denied error. RSS 11 replies Last post Jun iis require ssl 403 - forbidden access is denied 18, 2014 09:46 AM by joeller ‹ Previous Thread|Next Thread › Print Share Twitter Facebook Email Shortcuts Active Threads Unanswered Threads Unresolved Threads http error 403.7 - forbidden ssl client certificate is required Advanced Search Reply joeller 62 Posts Attempt to implement SSL in IIS 7.0 returns 403 - Forbidden: Access is denied error. May 29, 2014 04:51 PM|joeller|LINK I have a server created on a VirtualBox Virtual Machine using Windows ssl 403 forbidden error Server 2008 R2 SP1. I have implemented IIS on this server. Windows Firewall is turned off. The VM resides on a Windows 7 SP 1 host machine. Both OS are using IE8, (as that is the latest version that the customer will be using). I am attempting to implement SSL on a web application under the DefaultWebSite web site. Aself-signed server certificate was created and added it to the Default Web Site. I also verified that the
403.7 - Client Certificate Required
binding for the DefaultWebSite was set to 443 for SSL using that same certificate. I verified that this web app under theDefaultWebSite saw the same certificate. SSL is enabled on the web app.It is easy to connect to the web app from IEserver and on the host (client), when it was NOT SSL configured. Then it easy to open the web app from IE on the server and on the host (client)when SSL was enabled butset to ignoreclient certificates. However when I tried to get it to request client certificates from the host machine and pass that on the the web app I started having problems. At first I could not get it to request client certificates. I decided, based on MSDN pages, that was because the root certificate for my client certificate did not exist on the server. First I had to recreate the Root Certificate Authority of all of our certificates on the server. Did that. Then I had to put the Root Certificate authority in the Trusted Root Authorities folder for "Local Computer" on the server. Did that. Then I had to put the all the Intermediate Certificates Authorities into the corresponding "Intermediate Certificates Authorities" folder of the Local Computer on the server.Did that.However,a call to the web from the host machine (client)still did not request the client certifcates. So I followed Jason
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this
403 Forbidden Client Certificate
site About Us Learn more about Stack Overflow the company Business Learn clientauthtrustmode more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x iis client certificate mapping authentication Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up IIS https://forums.iis.net/t/1213150.aspx?Attempt+to+implement+SSL+in+IIS+7+0+returns+403+Forbidden+Access+is+denied+error+ Client certificate not working. Returns 403 error up vote 3 down vote favorite 2 I'm trying to setup IIS 8 (Windows Server 2012) to accept client certificates for a secured WebAPI endpoint. Following this post I created a self signed certificate and a client certificate: makecert.exe -r -n "CN=MyCompany" -pe -sv MyCompany.pvk -a sha1 -len 2048 -cy authority MyCompany.cer makecert.exe -iv MyCompany.pvk -ic MyCompany.cer http://stackoverflow.com/questions/23965302/iis-client-certificate-not-working-returns-403-error -n "CN=MY Client" -pe -sv MyClient.pvk -a sha1 -len 2048 -sky exchange MyClient.cer -eku 1.3.6.1.5.5.7.3.2 pvk2pfx.exe -pvk MyClient.pvk -spc MyClient.cer -pfx MyClient.pfx -po THE_PASSWORD I installed the root certificate MyCompany.cer on the IIS server, then on IIS Manager/SSL Settings I selected the "Accept" radio button to allow the website accept client certificates. On the client side a have a C# test console app that loads the client cert MyClient.pfx file and calls the WebAPI endpoint: var certHandler = new WebRequestHandler(); certHandler.ClientCertificateOptions = ClientCertificateOption.Manual; certHandler.UseProxy = false; var certificate = new X509Certificate2(File.ReadAllBytes(@"C:\MyClient.pfx"), "THE_PASSWORD"); certHandler.ClientCertificates.Add(certificate); var client = new HttpClient(certHandler); var result = client.GetAsync("https://MyServer/api/MyEndpoint").Result; string resultStr = result.Content.ReadAsStringAsync().Result; Console.WriteLine(resultStr); I'm getting back a 403 error: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. I tried the same setup on my local IIS (Windows 7): Imported the MyCompany.cer file, setup SSL in IIS. This time everything works fine and the WebAPI endpoint can see the client certificate with no problem. Any ideas? -- Update 1 I enabled Failed REquest Tracing on IIS and I get this: