IIS 7 and Above
client certificate configuration
Last post Aug 19, 2013 07:55 AM by foru
Aug 13, 2013 08:46 AM|foru
I'm trying to secure web access using client certificates.
But when I set my IIS to "require" (for the client certificate), I get a 403.
How I tried to configure it:
1) Creating a CA certificate with makecert:
makecert.exe -r -n "CN=My CA" -pe -sv MyCA.pvk -a sha1 -len 2048 -b 08/08/2013 -e 08/08/2013 -cy authority MyCA.cer
2) Creating a client certificate:
makecert.exe -iv MyCA.pvk -ic MyCA.cer -n "CN=Client" -pe -sv Client.pvk -a sha1 -len 2048 -b 01/21/2010 -e 01/21/2011 -sky exchange Client.cer -eku 1.3.6.1.5.5.7.3.2
3) Creating a pfx file:
pvk2pfx.exe -pvk Client.pvk -spc Client.cer -pfx Client.pfx -po pass
4) With the Certificates MMC (computer snap-in), addition of MyCA to the trusted CAs and of Client to "Personal"
5) "require" client certificate in IIS
6) Double-click on my pfx file on my client to install it.
Result: error 403
Can you detect any mistake in my configuration?
Thanks for reading and for any replies.
Aug 13, 2013 09:45 AM|lextm
The CA certificate must be installed on both the server and the client under the computer account. Have you done that?
There are many step-by-step guides that you can find online.
Aug 14, 2013 09:24 AM|foru
Thanks for your answer.
I followed the step-by-step guide, and it's still not working...
I don't get it, I still have a 403 issue.
Aug 14, 2013 11:54 AM|lextm
Consider opening a support case via http://support.microsoft.com
Aug 19, 2013 03:03 AM|Angie xu - MSFT
First, you could redo this client certificate configuration according to the link above.
Besides what lextm mentioned above, you can also refer to the analysis and resolution of the 403 error in the [Common HTTP status codes and the causes] area. It will give a more specific cause of a 403 error; follow the resolution to check your settings. I think it will be helpful for troubleshooting this problem.
Aug 19, 2013 07:55 AM|foru
I've tried to redo the client certificate with the first link.
My error is a 403.7 error, but I still don't get how to resolve it!
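An added example, not part of the thread or of any Microsoft guide: 403.7 is the IIS substatus "Client certificate required", so a useful check on the client is whether the certificate from steps 2 to 6 is actually usable for client authentication. The PowerShell function below reports the private key, the validity window set by the -b and -e dates, the client authentication EKU, and whether the chain builds to a trusted root. The function name, the default store path (the current user's Personal store) and the default subject are assumptions.

```powershell
# Added example. Assumptions: subject "CN=Client" as in step 2, and the .pfx
# imported into the current user's Personal store; pass -StorePath otherwise.
function Test-ClientAuthCertificate {
    param(
        [string]$Subject   = 'CN=Client',
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
    $now = Get-Date

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq $Subject } |
        ForEach-Object {
            $cert = $_

            # No EKU extension means "any purpose"; if present it must list client auth.
            $eku = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $ekuOk = (-not $eku) -or
                (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $clientAuthOid)

            # Build the chain against the local trust stores. Revocation checking is
            # off here so the result reflects only trust and validity dates.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode =
                [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
            $chainOk = $chain.Build($cert)

            [pscustomobject]@{
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                NotBefore     = $cert.NotBefore
                NotAfter      = $cert.NotAfter
                InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
                ClientAuthEku = $ekuOk
                ChainTrusted  = $chainOk
                ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
                # Validity window of every certificate in the chain, issuer included.
                ChainDates    = ($chain.ChainElements | ForEach-Object {
                    '{0}: {1:d} - {2:d}' -f $_.Certificate.Subject,
                        $_.Certificate.NotBefore, $_.Certificate.NotAfter }) -join '; '
            }
        }
}

Test-ClientAuthCertificate | Format-List
```

A row with InValidity or ChainTrusted set to False, or a ChainStatus such as NotTimeValid or UntrustedRoot, points at the certificate itself rather than at the IIS setting.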