"403.7 Forbidden: Client Certificate Required" error when you open an IIS webpage
403.7 Forbidden: Client certificate required
The following are several possible causes of this problem:
- The root certificate (certification authority certificate) of the client certificate is not installed on the computer that is running IIS.
- The client certificate has expired, or the effective time has not been reached.
- The client certificate was revoked.
- No valid client certificate is available, or a potentially valid client certificate does not have an associated private key installed.
- If you do not have a client certificate for the site, and you need one, contact the site administrator for instructions.
- Check the expiration date and time of the certificate. If your certificate has expired, contact the site administrator for instructions.
For site administrators
Check whether the server running IIS considers the certificate valid
- Export the certificate to a .CER file.
- Copy the .CER file to the server that is running IIS.
- Open the .CER file on the server that is running IIS.
- Look at the Certification Path tab. If all certificates in the chain are displayed without a red "cross," then the certificate chain is trusted by the computer. If the root certification authority has a red cross against it, continue to the next set of steps.
Install the root certification authority certificate manuallyTo resolve this issue, install the root certification authority certificate manually. To do this, follow these steps:
- Click Start, click Run, type mmc, and then click OK.
- On the File menu, click Add/Remove Snap-in.
- In the Add or Remove Snap-ins dialog box, select Certificates under Available Snap-ins, and then click Add.
- In the Certificates snap-in, select Computer account, click Finish twice, and then click OK.
- Under Console Root, expand Certificates (Local Computer).
- Expand Trusted Root Certification Authorities, and then right-click Certificates.
- Select All Tasks, and then click Import….
- Click Next, and then navigate to the location where the Root CA certificate file is stored.
- After the certificate has been selected, click Next two times, and then click Finish.
Article ID: 186812 - Last Review: 12/08/2015 06:51:00 - Revision: 7.0
- kbprb kbprod2web kbconsumer kbquadranttechsupp KB186812