When you try to establish communication with a Web site that requires
client authentication, you may receive the following error messages:
HTTP Error 403
403.7 Forbidden: Client certificate required
This error occurs when the resource that you are trying to access requires that your browser has a client Secure Sockets Layer (SSL) certificate that
the server recognizes. This is used for authenticating you as a valid user
of the resource. Contact the administrator of the Web server to obtain a valid client certificate.
There are several possible causes of this problem:
- The root certificate (certificate authority certificate) of the client certificate issuing server is not installed on the computer that is
- The client certificate has expired or the effective time has not been
- The client certificate has been revoked.
Depending on the cause of your problem, try one of the following
- Download the root server certificate in a browser on the server
computer. Run the Iisca.exe command line utility that is located in the Inetsrv
- Check the effective date on the client certificate and make sure that the
date and time has arrived. Check the expiration date and make sure that the
certificate has not expired.
- Contact your certificate authority to see if your certificate has expired.
Microsoft Internet Explorer 4.0 and IIS 4.0 store their root certificates in different locations of the registry. The Iisca.exe utility synchronizes the two root certificate stores.