Hi,
We are trying to host a secure webservice over IIS 5.0 using server and client authentication certificates.
Here are the details of the steps we followed to set up Client Authentication:
1) Created a server certificate request and submitted the same to Verisign.
2) Installed the Verisign supplied test (trial) server certificate on the server.
3) Installed the Test CA root certificate on both the server and the client.
At this point we were able to get the secure webservice accessible through HTTPS with only server authentication.
4) Created a client certificate request and submitted the same to Verisign.
5) Installed the Verisign supplied test (trial) client certificate on the client.
6) Enabled the 'Require Client Certificates' option in the IIS Directory Security for the Virtual Directory where the webservice components (ActiveX DLL, wsdl, wsml etc.) are placed.
At this point when we tried to access the Webservice, we get a 'HTTP 403.13 - Forbidden: Client certificate revoked' error.
We even tried to access the wsdl file using a browser by typing in
https://<server>:8443/<VirtualDirectory>/Server/server.wsdl, but we get the same error even with the HTTP GET method which again says - HTTP 403.13 - Forbidden: Client certificate revoked.
We later read an article in MSDN (Article no. 294305) which talks about this error.
We later retrieved the CRL (Certificate Revocation List) from Verisign (http://crl.verisign.com/SecureServerTestingCA.crl) and verified that the serial no. of our client certificate is not listed in the CRL, so this confirms that the certificate has not been revoked.
Any idea why we get this error message still?
Any help in this regard is greatly appreciated.
Thanks in advance...
Thanks & Regards,
Harsha.
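
The manual check described in the post, looking up the client certificate's serial number in the CA's CRL, can be scripted; the following is an added example and not part of the original post. It parses text in the layout printed by `openssl crl -inform DER -noout -text`, also reports whether the CRL's Next Update time has passed, and assumes a constructed, trimmed sample CRL with made-up serials and hypothetical function names.

```python
import re
from datetime import datetime, timezone

# Constructed sample, trimmed, in the layout of `openssl crl -noout -text`.
# Issuer, dates and serial numbers are made up for illustration.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O = Example Test CA, OU = For Test Purposes Only
        Last Update: Mar  1 10:00:00 2004 GMT
        Next Update: Mar 15 10:00:00 2004 GMT
Revoked Certificates:
    Serial Number: 1A2B3C4D5E6F708192A3B4C5D6E7F801
        Revocation Date: Feb 10 08:30:00 2004 GMT
    Serial Number: 0F00BA5EBA11
        Revocation Date: Feb 20 12:00:00 2004 GMT
"""


def normalize_serial(serial):
    """Reduce a serial to bare upper-case hex without leading zeros, so
    '0f:00:ba', '0F 00 BA' and 'F00BA' all compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", serial).upper().lstrip("0")
    return digits or "0"


def parse_crl_text(text):
    """Return (next_update, revoked_serials) from the CRL text dump."""
    next_update = None
    m = re.search(r"Next Update:\s*(.+?)\s+GMT", text)
    if m:  # a CRL without a nextUpdate field leaves this as None
        next_update = datetime.strptime(
            m.group(1), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    serials = re.findall(r"Serial Number:\s*([0-9A-Fa-f:]+)", text)
    return next_update, {normalize_serial(s) for s in serials}


def check_serial(text, serial, now):
    """Report whether `serial` is listed and whether the CRL is past Next Update."""
    next_update, revoked = parse_crl_text(text)
    return {
        "listed": normalize_serial(serial) in revoked,
        "crl_expired": next_update is not None and now > next_update,
    }


if __name__ == "__main__":
    now = datetime(2004, 3, 10, tzinfo=timezone.utc)  # constructed check time
    print(check_serial(SAMPLE_CRL_TEXT, "0f:00:ba:5e:ba:11", now))
```
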