Geeks With Blogs

Tim Huffam Dotting the I and crossing the T of I.T.

The following error may occur when trying to use a client cert for the first time (this error is from IIS 5):

The page requires a valid client certificate

The page you are trying to view requires the use of a valid client certificate. Your client certificate was revoked, or the revocation status could not be determined. The certificate is used for authenticating you as a valid user of the resource.

HTTP 403.13 - Forbidden: Client certificate revoked

The cause of this is usually  "the revocation status could not be determined.".  This is because CRL (certificate revocation list) checking has not been setup on the server. 

The simple solution for this (for development), is to just disable CRL checking.

You can do this using an IIS metabase tool (eg IIS Metabase Explorer) or adsutil, or, if you dont have these tools installed, you can run some VBScript to disable it - and this is how:

  1. Create a VBScript file with the following code:

    Set oWeb = GetObject("IIS://localhost/W3SVC")
    oWeb.CertCheckMode = 1
    oWeb.SetInfo
    Set oWeb = Nothing

  2. Save it to a .vbs file eg c:\turnoffcrlcheck.vbs
  3. Execute the script at the command prompt eg:

cscript.exe turnoffcrlcheck.vbs

And that's it.  You should not need to restart IIS.

HTH

Tim

     

Posted on Monday, June 12, 2006 9:57 AM ASP.NET , PHP (incl PhpMyAdmin) , IIS | Back to top


Comments on this post: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
Actually, running IISRESET may actually reset this flag.
Left by Akahige on Jun 12, 2006 1:10 PM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
Please ignore my previous. I've been bitten by the registry hack in the past and saw it reset constantly. I've tested and it works.
Left by Akahige on Jun 12, 2006 1:27 PM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
Hi,

Can you just help me out How to get the information related to CRL effective date and Next update from a given CRL in C#.

I am using KeyInfoX509Data and have created an object , using .CRL property

But unable to get the values related to CRL.

Thanks in advance if you can help me out.
Left by Gaurav Taneja on Oct 25, 2006 11:18 AM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
Thanks, you say:

The simple solution for this (for development), is to just disable CRL checking.


For development. But I just in production, any solution? How can I check CRL list ??

thanks
Left by ae on Sep 01, 2009 6:30 AM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
I'm having the same problem, but it is intermittent and appears to be heavily concentrated with some users from one location. However, when I try their CAC login from my computer it also does not work - so it does not appear to be client computer configuration. At first I would think it was the users CAC but I know for a fact that they are good and used for many other sites.

Any suggestions as to what to look for in IIS ???
Left by Don on Nov 04, 2009 9:53 AM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
irctc site is not open
Left by Prashant Verma on Nov 12, 2009 10:41 PM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
please help to remove this problum
Left by Sajid Mahmood Sarwar on Sep 24, 2010 12:14 AM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
Thanks a lot!
Left by Rajesh on Oct 01, 2010 8:44 AM

# re: Error using client certs: The page requires a valid client certificate (403.13). How to turn off CRL checks in IIS.
Requesting Gravatar...
W3C is a boneless constiaum and can't force these son of bitch companies have bloody one standard property name ccan simplyfy people life split-luxury-vacation .
Left by Monika on Dec 13, 2012 10:52 PM

Your comment:
 (will show your gravatar)


Copyright © Tim Huffam | Powered by: GeeksWithBlogs.net