IE6SP1 on Windows2000, SSL, client authentication, 403.7 and so on and so on.

[Nickolay Bolshackov]

Hi!

I've some sort of troubles trying to build an Single Sign-On server.
My web application redirects (by sending 302 moved) user to custom SSO
built on ASP.NET (IIS5.0, Windows 2000) using secure protocol (HTTPS).

SSO requires client to authenticate with client certificate. So, the problem
occurs on client machines running Windows 2000 with IE 6SP1 (2800.1106),
when user reaches the SSO page, server responds with 403.7 (certificate
required). Of course, client certificate for this user is present and valid.

On XP client machines with IE6SP2(2900.xxxx) it does not happened. It also
worked fine with Firefox on any platform.

Does anybody have any idea on what's this about? Any help would be
appreciated.

\\NB

 

[Jan Il]

Hi Nickolay

Try the following and see if it helps:

How can I turn off the "security alert" dialog boxes that appears when I
open a webpage
http://itinfo.mit.edu/answer?id=5228

also…..

Make sure your machine clock and date are set correctly.

Every certificate has an expiration and start date. When your clock or date
is off, a ways, it may think the certificates are not valid, so it pops up
this alert telling you that its either not valid yet or expired for your own
protection. So, be sure your date and time are correct and see if the
alerts stop.

and....

Go to Tools>Internet Options>Advanced tab>scroll down to 'Warn about invalid
site
certificates" and make sure it is UNchecked.

If that does not work, you might also try:

Go to Tools>Internet Options>Security tab>highlight Internet>click Custom
level tab>scroll down and UNcheck the button next to "Don't prompt for
client certificate selection when no certificates or only one certificate
exists."

You might also try adding the site to the Trusted Sites in the
Tools>Internet Options>Security tab and see if that helps as well.

Hope this helps.

Jan
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Nickolay Bolshackov]

Hi Jan,

How can I turn off the "security alert" dialog boxes that appears when I
open a webpage
http://itinfo.mit.edu/answer?id=5228

Had tried it in all possible combinations

Make sure your machine clock and date are set correctly.

They are.

So, be sure your date and time are correct and see if the

alerts stop.

There is no alerts, if you mean "gray rectangles with red icon and pair of
OK/Cancel buttons" I just see that server returns HTTP/1.1 403.7 instead
of expected HTTP/1.1 200.
Again, as far as I can see there are some differences between IE6SP1 on W2K
and IE6SP2 on XP which made this possible. But MSDN gave me no answer

Go to Tools>Internet Options>Advanced tab>scroll down to 'Warn about
invalid site
certificates" and make sure it is UNchecked.

If that does not work, you might also try:

Go to Tools>Internet Options>Security tab>highlight Internet>click Custom
level tab>scroll down and UNcheck the button next to "Don't prompt for
client certificate selection when no certificates or only one certificate
exists."

You might also try adding the site to the Trusted Sites in the
Tools>Internet Options>Security tab and see if that helps as well.

Hope this helps.

It doesn't


\\NB

Jan
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

Hi!

I've some sort of troubles trying to build an Single Sign-On server.
My web application redirects (by sending 302 moved) user to custom SSO
built on ASP.NET (IIS5.0, Windows 2000) using secure protocol (HTTPS).

SSO requires client to authenticate with client certificate. So, the
problem occurs on client machines running Windows 2000 with IE 6SP1
(2800.1106), when user reaches the SSO page, server responds with 403.7
(certificate required). Of course, client certificate for this user is
present and valid.

On XP client machines with IE6SP2(2900.xxxx) it does not happened. It
also worked fine with Firefox on any platform.

Does anybody have any idea on what's this about? Any help would be
appreciated.

\\NB

 

[Jan Il]

Hi Nickolay

Sorry that I can't be of help, but, perhaps someone else here has more
experience in this area and can provide you with more information on your
problem.

Good Luck

Hope this helps.

Jan
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

Hi Jan,

How can I turn off the "security alert" dialog boxes that appears when I
open a webpage
http://itinfo.mit.edu/answer?id=5228

Had tried it in all possible combinations

Make sure your machine clock and date are set correctly.

They are.

So, be sure your date and time are correct and see if the

alerts stop.

There is no alerts, if you mean "gray rectangles with red icon and pair of
OK/Cancel buttons" I just see that server returns HTTP/1.1 403.7
instead of expected HTTP/1.1 200.
Again, as far as I can see there are some differences between IE6SP1 on
W2K and IE6SP2 on XP which made this possible. But MSDN gave me no answer

Go to Tools>Internet Options>Advanced tab>scroll down to 'Warn about
invalid site
certificates" and make sure it is UNchecked.

If that does not work, you might also try:

Go to Tools>Internet Options>Security tab>highlight Internet>click Custom
level tab>scroll down and UNcheck the button next to "Don't prompt for
client certificate selection when no certificates or only one certificate
exists."

You might also try adding the site to the Trusted Sites in the
Tools>Internet Options>Security tab and see if that helps as well.

Hope this helps.

It doesn't


\\NB

Jan
MS MVP - Windows IE/OE [DTS/AumHa]
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit or other
readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

Hi!

I've some sort of troubles trying to build an Single Sign-On server.
My web application redirects (by sending 302 moved) user to custom SSO
built on ASP.NET (IIS5.0, Windows 2000) using secure protocol (HTTPS).

SSO requires client to authenticate with client certificate. So, the
problem occurs on client machines running Windows 2000 with IE 6SP1
(2800.1106), when user reaches the SSO page, server responds with 403.7
(certificate required). Of course, client certificate for this user is
present and valid.

On XP client machines with IE6SP2(2900.xxxx) it does not happened. It
also worked fine with Firefox on any platform.

Does anybody have any idea on what's this about? Any help would be
appreciated.

\\NB