Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.13 - Forbidden"


Symptoms


You have a Web site that is hosted on Internet Information Services (IIS) 7.0. When you visit the Web site in a Web browser, you may receive an error message that resembles one of the following:
Error message 1
Server Error in Application "application name"
HTTP Error 403.13 - Forbidden
HRESULT: 0x800b010c
Description of HRESULT : Your client certificate was revoked, or the revocation status could not be determined.
Error message 2
Server Error in Application "application name"
HTTP Error 403.13 - Forbidden
HRESULT: 0x80092013
Description of HRESULT : Your client certificate was revoked, or the revocation status could not be determined.

Cause


Cause of error message 1

The certification authority that issued the client certificate revoked the client certificate. To resolve this problem, see Resolution 1.

Cause of error message 2

The IIS Web server cannot access the Certification Revocation List (CRL) for the client certificate. To resolve this problem, see Resolution 2.

Resolution


Resolution 1

On the client computer, install a client certificate that has not been revoked.

Resolution 2

Make sure that the IIS Web server can access the CRL for the client certificate. To do this, follow these steps:
  1. On the client computer, start Windows Internet Explorer.
  2. On the Tools menu, click Internet Options.
  3. Click the Content tab, and then click Certificates.
  4. Click the Personal tab, and then double-click the client certificate.

    Note Double-click the certificate for which Client Authentication is displayed in the Certificate intended purposes box.
  5. Click the Details tab, and then click CRL Distribution Points.

    You can see the CRL distribution point URLs in the box.
  6. For each CRL distribution point URL, copy the URL, paste the URL in the Address box in Internet Explorer, and then verify that you can successfully download the URL.