Http Error Codes 403.13
360 games PC games Windows games Windows phone games Entertainment All Entertainment Movies & TV Music Business & Education Business Students & educators Developers Sale Sale Find a store Gift cards Products Software & services Windows Office Free downloads & security Internet Explorer Microsoft Edge Skype OneNote OneDrive Microsoft Health MSN Bing Microsoft Groove Microsoft Movies & TV Devices & Xbox All Microsoft devices Microsoft Surface All Windows PCs & tablets PC accessories Xbox & games Microsoft Lumia All Windows phones Microsoft HoloLens For business Cloud Platform Microsoft Azure Microsoft Dynamics Windows for business Office for business Skype for business Surface for business Enterprise solutions Small business solutions Find a solutions provider Volume Licensing For developers & IT pros Develop Windows apps Microsoft Azure MSDN TechNet Visual Studio For students & educators Office for students OneNote in classroom Shop PCs & tablets perfect for students Microsoft in Education Support Sign in Cart Cart Javascript is disabled Please enable javascript and refresh the page Cookies are disabled Please enable cookies and refresh the page CV: {{ getCv() }} English (United States) Terms of use Privacy & cookies Trademarks © 2016 Microsoft
or outdated Difficult to follow Other Comments:(Max 1000 chars) Would you like a response? Email is required. Email: KB01340 - 403.13 forbidden - certificate error mismatched address Product: PI Web Services Version(s): Any Platform: Windows Server 2008 / Windows Server 2012 Issue When trying to access PI Web Services configured with client certificates, the client receives one of these error messages: Error 403.13 forbidden - certificate error mismatched address 403.13 Your client certificate was revoked or the revocation status could not be determined This https://support.microsoft.com/en-us/kb/294305 can happen when the web server is unable to communicate with the Certificate Revocation List (CRL) because of a firewall or no internet access. Solution Follow the instructions in the Microsoft Article: https://support.microsoft.com/en-us/kb/294305. Workaround If you do not have internet access, or your IT department had limited it intentionally, work with your IT department to disable Client Certificate https://techsupport.osisoft.com/Troubleshooting/KB/KB01340 Revocation. Note that turning CRL checking off is not a security best practice. However, some organizations may choose to disable CRL checking or configure it to behave in a specific way. For IIS 6: The simplest way to disable the CRL check is by using adsutil.vbs, located in the \inetpub\adminscripts folder. The following command will disable the CRL check for the first web site: cscript adsutil.vbs SET w3svc/1/CertCheckMode 1 To re-enable CRL checking, use: cscript adsutil.vbs SET w3svc/1/CertCheckMode 0 For IIS 7 and IIS 8: You can disable the client certificate revocation by adding the following DWORD in the registry: Run netsh http show sslcert in the command prompt to verify. Verify Client Certificate Revocation should be disabled. You will need to restart the computer to have this take effect. Taken from: http://blogs.msdn.com/b/kaushal/archive/2012/10/15/disable-client-certificate-revocation-check-on-iis.aspx Background By default, Internet Information Services (IIS) checks to see if the client certificate that is being presented has been revoked. It does this by downloading the client certificate's Certificate Revocation List (CRL) from a Certificate Distribution Point (CDP) that is li
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers http://stackoverflow.com/questions/30728600/ssl-certificate-error-403-13-in-iis-7-5 or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up SSL certificate error 403.13 in IIS 7.5 up vote 1 down vote favorite I'm getting 403.13 in IIS logs, when I'm trying to access my api using the created certificate(sha1). Further I tested the http error same certificate in other test environment it works treat and I get the the XML from the api without any issue. Certificate pfx is installed in Certificate store and in the browser I'm using Windows 2008 R2. Certificate is not been revoked but this issue really made me baffled. I'm new into this, however I think I covered everything interms of my investigation(firewall rules and antivirus and everything) and as its working in other test env and not in the http error codes uat, its really leave me no choice apart asking for help. Not sure what to look at, appreciate if anybody shed some light or give us pointers to investigate. Ta Shoaib internet-explorer iis-7 ssl-certificate sha1 http-status-code-403 share|improve this question asked Jun 9 '15 at 9:47 Cortez Ninja 45211 add a comment| 1 Answer 1 active oldest votes up vote 0 down vote accepted Check if CRLs in certificate chain of client certificate are reachable by the server. Chain has to be build on server side so check if you have all certificates in corresponding stores (root, intermediate ...). certutil command might help you with it. share|improve this answer answered Jun 9 '15 at 11:03 pepo 3,7092717 Thanks for your reply, I can access the crl directly from the server/client using url mentioned in CDP both intermediate and root. Any more thoughts? –Cortez Ninja Jun 9 '15 at 12:30 You can access the CRL as a user or system? IIS runs as a different user. If you have a proxy set then IIS will probably not use it. –pepo Jun 9 '15 at 14:34 add a comment| Your Answer draft saved draft discarded Sign up or log in Sign up using Google Sign up using Facebook Sign up using Email and Password Post as a guest Name Email Post as a guest Name Email discard By posting your answer, you agree to the privacy po