In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] SPAM-HERE.com says... > I have a customer who is running IIS 5.0. We need to contact a page on > that server that is protected with SSL and requires client > certificates. I have imported the client certificate in Mozilla 1.4 on > Linux. When I access the page, the server responds: > > HTTP 403.7 - Forbidden: Client certificate required > > The "User Identification Request" popup is never shown. However, when > I connect with IE6, a similar popup is shown, and I can access the > page. Also, using "openssl s_client -cert client.pem" works fine and > shows the page. >
See what list of client CAs you get with s_client. If you don't get any try using the -prexit option after you manually type in the GET. See if the CA you want to use is in the list. If it isn't IIS isn't configured to send your CA in its list. I can't quite recall how to add a CA to the list IIS sends for client auth. I *think* you had to check the physical stores checkbox and something like trusted root authorities then local computer in the import wizard. Steve.
