I have a customer who is running IIS 5.0. We need to contact a page on that server that is protected with SSL and requires client certificates. I have imported the client certificate in Mozilla 1.4 on Linux. When I access the page, the server responds:
HTTP 403.7 - Forbidden: Client certificate required The "User Identification Request" popup is never shown. However, when I connect with IE6, a similar popup is shown, and I can access the page. Also, using "openssl s_client -cert client.pem" works fine and shows the page. I have tried to debug this, but the problem is that the server only requests the client certificate after the browsers sends the GET statement. So, the first (readable) handshake is without client certificates. The renegotiation that happens after the GET is encrypted and I cannot see the problem. I am guessing this is an IIS issue, but I cannot prove it. Has anyone else seen this? Any ideas? Thanks, Richie PS: please Cc me when replying to the newsgroup -- Yes, that *is* my E-mail address
