IIS 7 and Above
IIS Client cert issue/bug?
Last post Apr 16, 2018 02:01 PM by Matt Caskey
Apr 13, 2018 05:13 PM|Matt Caskey|LINK
I have a rest service hosted in IIS 10 that uses a client certificate on one of the end points. Under SSL settings I have the client cert as "Ignore" and have an authorization filter on the endpoint. When first deployed thi works fine. However after a
bit of time passes it starts throwing an error:
To fix this I have to change the SSL setting to "Accept" send a request, which comes back as successful, Then change it back to "Ignore". This works for a while, then it stops again. Only fixed by doing the above steps.
I have not been able to find anything like this through google searches. The only solutions I find are to install the root cert on the server, but it is already installed there. Any help would be greatly appreciated.
Apr 16, 2018 02:57 AM|Yuk Ding|LINK
Please check whether the ssl is set correctly:
In addition, do you have self-signed certificate in trusted root authorization? If there do have a self-signed untrusted cert, then IIS is designed to block the request with 0x800b0109 error.
IIS should not return any client certificate error when you set the application to ignore client certificate.
Apr 16, 2018 02:01 PM|Matt Caskey|LINK
Yes, I do have the SSL installed correctly. The self signed cert that signed the client certificate is in the Trusted Root Certificates section. I have quadruple checked that because that was all the posts I found were saying. I know it's installed correctly
because it will work for a while. Then when it stops working toggling the IIS settings to "Accept" then back to "Ignore"(the exact same as when it stopped working) will get it working again. With no other changes at all.
The cert error I'm getting while IIS is set to ignore isn't coming from IIS. It's coming from my Auth filter because IIS is blocking the cert from passing through, so there is no cert when my filter checks for it.