Tim Huffam

Dotting the I and crossing the T of I.T.
  Home  |   Contact  |   Syndication    |   Login
  129 Posts | 0 Stories | 874 Comments | 677 Trackbacks

News

Archives

Post Categories

Interesting Blogs/Links

Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.

The following error may occur when trying to use a client cert for the first time (this error is from IIS 5):

The page requires a valid client certificate

The page you are trying to view requires the use of a valid client certificate. Your client certificate was revoked, or the revocation status could not be determined. The certificate is used for authenticating you as a valid user of the resource.

HTTP 403.13 - Forbidden: Client certificate revoked

The cause of this is usually  "the revocation status could not be determined.".  This is because CRL (certificate revocation list) checking has not been setup on the server. 

The simple solution for this (for development), is to just disable CRL checking.

You can do this using an IIS metabase tool (eg IIS Metabase Explorer) or adsutil, or, if you dont have these tools installed, you can run some VBScript to disable it - and this is how:

  1. Create a VBScript file with the following code:

    Set oWeb = GetObject("IIS://localhost/W3SVC")
    oWeb.CertCheckMode = 1
    oWeb.SetInfo
    Set oWeb = Nothing

  2. Save it to a .vbs file eg c:\turnoffcrlcheck.vbs
  3. Execute the script at the command prompt eg:

cscript.exe turnoffcrlcheck.vbs

And that's it.  You should not need to restart IIS.

HTH

Tim

     

posted on Monday, June 12, 2006 9:57 AM

Feedback

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS. 6/12/2006 1:10 PM Akahige
Actually, running IISRESET may actually reset this flag.

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS. 6/12/2006 1:27 PM Akahige
Please ignore my previous. I've been bitten by the registry hack in the past and saw it reset constantly. I've tested and it works.

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS. 10/25/2006 11:18 AM Gaurav Taneja
Hi,

Can you just help me out How to get the information related to CRL effective date and Next update from a given CRL in C#.

I am using KeyInfoX509Data and have created an object , using .CRL property

But unable to get the values related to CRL.

Thanks in advance if you can help me out.

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS. 12/22/2006 12:27 AM Thomas
We have a e-app that has been hosted as an external website. This is accessed by both internal (within the company network) and external users (not on company network). From a couple of days none of us on the company network can access the web site, once we choose the digital cert an error comes up on the browser: The page requires a valid client certificate.
HTTP 403.17 - Forbidden: Client certificate has expired or is not yet valid

Our digital badges are defn valid and active. What could be causing this error?

External users have no probs with this.

Thanks in advance for any help you can give me on this.

Post Feedback

Title:
Name:
Email: (never displayed)
Url:
Comments: 
Please add 1 and 8 and type the answer here: