Help and Support
 

powered byLive Search

PRB: Error Message: 403.7 Forbidden: Client Certificate Required

View products that this article applies to.
Article ID:186812
Last Review:July 7, 2008
Revision:4.1
This article was previously published under Q186812
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)

SYMPTOMS

When you try to establish communication with a Web site that requires client authentication, you may receive the following error messages:
HTTP Error 403
403.7 Forbidden: Client certificate required

Back to the top

CAUSE

This error occurs when the resource that you are trying to access requires that your browser has a client Secure Sockets Layer (SSL) certificate that the server recognizes. This is used for authenticating you as a valid user of the resource. Contact the administrator of the Web server to obtain a valid client certificate.

There are several possible causes of this problem:
The root certificate (certificate authority certificate) of the client certificate issuing server is not installed on the computer that is running IIS.

-or-
The client certificate has expired or the effective time has not been reached.

-or-
The client certificate has been revoked.

Back to the top

RESOLUTION

Depending on the cause of your problem, try one of the following resolutions:
Download the root server certificate in a browser on the server computer. Run the Iisca.exe command line utility that is located in the Inetsrv directory.
Check the effective date on the client certificate and make sure that the date and time has arrived. Check the expiration date and make sure that the certificate has not expired.
Contact your certificate authority to see if your certificate has expired.

Back to the top

MORE INFORMATION

Microsoft Internet Explorer 4.0 and IIS 4.0 store their root certificates in different locations of the registry. The Iisca.exe utility synchronizes the two root certificate stores.

Back to the top

APPLIES TO
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0

Back to the top

Keywords: 
kbprb kbprod2web KB186812

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.