SSL certificate error 403.13 in IIS 7.5

7.7k views Asked by At

I'm getting 403.13 in IIS logs, when I'm trying to access my api using the created certificate(sha1). Further I tested the same certificate in other test environment it works treat and I get the the XML from the api without any issue.

Certificate pfx is installed in Certificate store and in the browser I'm using Windows 2008 R2. Certificate is not been revoked but this issue really made me baffled. I'm new into this, however I think I covered everything interms of my investigation(firewall rules and antivirus and everything) and as its working in other test env and not in the uat, its really leave me no choice apart asking for help. Not sure what to look at, appreciate if anybody shed some light or give us pointers to investigate.

Ta Shoaib

2

There are 2 answers

2
pepo On BEST ANSWER

Check if CRLs in certificate chain of client certificate are reachable by the server. Chain has to be build on server side so check if you have all certificates in corresponding stores (root, intermediate ...). certutil command might help you with it.

0
Plamen Ignatov On

This is a rather old question, but I struggled with a similar problem and found a solution on this blog post.

In short there is a way to disable CRL/ OCSP validation per IIS site using command line. Please note, that this disables all CRL validation for every client certificate used on this particular site, so this might or might not be what one wants.