I have a customer who is running IIS 5.0. We need to contact a page on that server that is protected with SSL and requires client certificates. I have imported the client certificate in Mozilla 1.4 on Linux. When I access the page, the server responds:
HTTP 403.7 - Forbidden: Client certificate required
The possible explanations include:
a) the server is not sending the name of the cert's issuer in the client cert request (a server misconfiguration), b) the browser does not have the private key for the user cert, c) the browser does not have the complete chain of CA certs for the user cert d) The user cert, or one of the CAs in its chain is not valid for SSL client authentication, due to the presence or absense of some certificate "extension" that defines the valid usages for the cert. e) the user cert has expired or is not yet valid, or one of the certs in its chain has expired or is not yet valid.
You can check the last 4 items using the "certificate manager" built into moz 1.4. The cert should appear in the tab of "your" certs, and should appear to be valid for SSL, and the cert chain should appear to be complete, up to a known root CA cert.
-- Nelson B
