This article describes the HTTP 403.7 error message. If you are an end-user who has encountered this error, we recommend that you ask the site administrator for instructions on how to obtain the correct client certificate.
In this article
You have a website that is hosted on Internet Information Services (IIS). When you go to the website in a web browser, you may receive an error message that resembles the following:
HTTP Error 403
403.7 Forbidden: Client certificate required
This error occurs when the website requests a client certificate, and then the client either does not provide one or the certificate supplied by the client browser is rejected. Client certificates are a kind of Secure Sockets Layer (SSL) certificate typically used to identify a user or computer to a website.
The following are several possible causes of this problem:
Depending on the cause of your problem, try one of the following resolutions:
Note Client certificate authentication may be enabled where it is not required. If you intended only to require TLS/SSL communications, then you need only a server certificate. You can disable client certificate authentication by using the resolution in the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/942067/ )Error message when you try to run a Web application that is hosted on a server that is running IIS 7.0: "HTTP Error 403.7 - Forbidden"
To check whether the server running IIS considers the certificate valid, you can follow these steps:
To resolve this issue, install the root certification authority certificate manually. To do this, follow these steps:
Note Intermediate CA certificates should be installed in the Intermediate Certification Authorities store rather than in the Trusted Roots store. Any certification authority certificate whose Issued by and Issued to values are not the same (and therefore the certificate is not at the top of the hierarchy) is known as an "Intermediate CA."
Article ID: 186812
Last review: July 3, 2014