Error message: HTTP 403.13 Forbidden: client certificate revoked

Article translations Article translations
Article ID: 248058
This article was previously published under Q248058
Expand all | Collapse all

Symptoms

When you attempt to access an Internet resource, one of the following error messages may be displayed in the Web browser:
HTTP 403.13 Forbidden: Client certificate revoked

The page requires a valid client certificate

Cause

An HTTP 403.13 error message is returned when a resource that the user is attempting to access requires a valid client certificate that the server recognizes. This client certificate must be installed in the Web browser, because it is used to authenticate the user of that browser as a valid user of the resource.

The error message can also occur if IIS is unable to contact the server that stores the Certificate Revocation List (CRL) when checking for revoked certificates. If a CRL server is unreachable, the certificates are presumed to be revoked.

Resolution

In the Web browser that is displaying the error, install a certificate from a recognized Certificate Authority (CA). If a certificate from a valid CA is installed, then contact that CA to verify the certificate has not been revoked, and that their CRL store is online.

If the certificate was created with Microsoft's Certificate Server, you will want to verify that the IIS server is able to directly see the Certificate Server. You can verify the path under the CRL Distribution Points and verify that the path is accessible from the IIS server. To do this, follow these steps:
  1. In the Certificates Snap-in, expand Certificates, and then expand Personal.
  2. Under the Certificates folder, double-click the certificate you are verifying, and then click the Details tab.
  3. Verify the paths under the CRL Distribution Points.
  4. Check the paths by trying to access them through Windows Explorer, (from Start, click Run or Internet Explorer).
  5. If the paths are not accessible from the IIS server, then it is necessary to rectify the connection to allow the IIS server to connect to the Certificate Server.

More information

For more information on how to quickly install a certificate from a recognized Certificate Authority (CA), click the following article number to view the article in the Microsoft Knowledge Base:
297681 Error message: This security certificate was issued by a company that you have not chosen to trust
For more information on using Digital Certificates with Microsoft Internet Explorer, see the following Knowledge Base article:
195724 Description of digital certificates
For more information on Certificate Revocation List (CRL) and IIS 5.0, see the following Knowledge Base article:
289749 Certificate Revocation Lists (CRLs) and IIS 5.0 frequently asked questions

Properties

Article ID: 248058 - Last Review: July 31, 2012 - Revision: 2.0
Keywords: 
kbprb kbprod2web KB248058
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com