Verisign certificates don't work on Windows2003 ASP.NET application!!!

on 21.02.2005 17:12:44 by romeel_k

Hi,

I am currently encountering the following problem. I have
a development server installed with the following:

Windows 2003 Server (Enterprise)
AD installed (Server is PDC)
SQLServer 2000 installed
Microsoft .NET installed

I have an ASP.NET application which requires clients to select a
certificate from the client authentication dialog presented to them
when they connect to my logon page over https. Now I am currently
using Verisign pilotsite certificates for my users. Users can
successfully enroll for a certificate, but when they try to connect to
my logon page and select their Verisign certificate, IIS 6.0 returns
the following error:

HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is
not trusted by the Web server.
Internet Information Services (IIS)

Now I have checked the following:
The ROOT CA certificate for this type of Verisign certificate has
been installed in the Local Computer store of Trusted Root
Certification Authority.
The Verisign Intermediate CA is installed in the Local Computer
store->Intermediate Certification Authority.
I've also updated the Verisign default Primary Certificate, which
apparently expired at the end of the year, according to the
instructions in the following
article: https://www.verisign.com/support/site/iis5check.html

After doing all of this I still get the above IIS 6.0 error.

I looked at the win32 return code being returned and its description
is:
A certificate chain processed, but terminated in a root certificate
which is not trusted by the trust provider.

So for some reason it still does not trust the root CA for these
Verisign certificates I am using.

If anyone can help, I would much appreciate it.

Regards

Romeel
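
A diagnostic for the situation described in the post above, added here as an example and not written by anyone in the thread: it builds the chain for an exported client certificate against the Local Computer stores only, prints the status of each chain element, and reports which stores hold the certificate the chain terminates in. The function name and the certificate path are assumptions; it uses the .NET `X509Chain` and `X509Store` classes (.NET 2.0 or later).

```powershell
# Added example (hypothetical helper, not from the thread). Needs .NET 2.0+.
function Test-ClientCertChain {
    param([string]$CertPath)  # assumption: client certificate exported to a .cer file

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

    # $true = machine context: only the Local Computer stores are consulted,
    # not the stores of the user who happens to be logged on.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'  # separate trust errors from CRL errors
    $built = $chain.Build($cert)

    "Chain valid in machine context: $built"
    foreach ($el in $chain.ChainElements) {
        # An element with no errors has an empty status array.
        $flags = @($el.ChainElementStatus | ForEach-Object { $_.Status })
        if ($flags.Count -eq 0) { $flags = @('OK') }
        '  {0} -> {1}' -f $el.Certificate.Subject, ($flags -join ', ')
    }

    # The last element is where chain building stopped. For the error quoted
    # in the post (untrusted root) this is the certificate to look for.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    "Chain terminates in: $($top.Subject) (self-signed: $($top.Subject -eq $top.Issuer))"

    # Report which stores actually contain that exact certificate.
    foreach ($loc in 'LocalMachine', 'CurrentUser') {
        foreach ($name in 'Root', 'CA') {
            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $name, $loc
            $store.Open('ReadOnly')
            $found = $store.Certificates.Find('FindByThumbprint', $top.Thumbprint, $false).Count -gt 0
            $store.Close()
            '  {0}\{1}: {2}' -f $loc, $name, $found
        }
    }
}

# Constructed sample path; replace with the exported client certificate.
# Test-ClientCertChain -CertPath 'C:\temp\client.cer'
```

A certificate that shows up only under `CurrentUser` is not visible to a chain built in machine context, and a terminating certificate that is not self-signed means the chain stopped at a missing issuer rather than at a root.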

Re: Verisign certificates don't work on Windows2003 ASP.NET application!!!

on 21.02.2005 17:24:38 by Miha Pihler

Hi,

Check this article if it will help you out...

Update VeriSign Web Server Certificates Now for IIS: An expired VeriSign
intermediate certificate can result in non-validated connections to sites
using SSL
http://support.microsoft.com/default.aspx?scid=KB;EN-US;834438

--
Mike
Microsoft MVP - Windows Security

"Romeel" wrote in message
news:a800c0d2.0502210812.685c262d@posting.google.com...
> Hi,
>
> I am currently encountering the following problem. I have
> a development server installed with the following:
>
> Windows 2003 Server (Enterprise)
> AD installed (Server is PDC)
> SQLServer 2000 installed
> Microsoft .NET installed
>
> I have a ASP.NET application which requires clients to select a
> certificate
> from the client authentication dialog presented to them when they
> connect
> to my logon page over https. Now i am currently using Verisign
> pilotsite
> certificates for my users. Users can successfully enroll for a
> certificate but
> when they try to connect to my logon page and select their Verisign
> certificate
> IIS 6.0 returns with the following error:
>
> HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is
> not trusted by the Web server.
> Internet Information Services (IIS)
>
> Now i have checked the following:
> The ROOT CA certificate for these type of Verisign Certificates has
> been installed in the Local Computer store of Trusted Root
> Certification Authority.
> The Verisign Intermediate CA is installed in the Local Computer
> store->Intermediate Certification Authority.
> I've also updated the Verisign default Primary Certificate which
> apparently expired at the end of the year according to the
> instructions in the following
> article : https://www.verisign.com/support/site/iis5check.html
>
> After doing all of this i still get the above IIS6.0 error:
>
> I looked at the win32 return code being returned and its description
> is:
> A certificate chain processed, but terminated in a root certificate
> which is not trusted by the trust provider.
>
> So for some reason it still does not trust the root CA for these
> Verisign certificates i am using.
>
> If anyone can help, i would much appreciate it
>
> Regards
>
> Romeel

Re: Verisign certificates don't work on Windows2003 ASP.NET application!!!

on 22.02.2005 12:46:06 by romeel_k

Hi,

I've tried the solution you suggested with no luck.
I still get the same error message from IIS 6.0.

Regards

Romeel


Re: Verisign certificates don't work on Windows2003 ASP.NET application!!!

on 09.02.2006 09:14:25 by rajesh banuka

Hi Romeel,

I am experiencing a similar kind of issue running a client certificate
authenticated web service.

Could you please tell me the workaround?

Your help is greatly appreciated.

Rgds,
Rajesh B

rajeshbanuka@yahoo.com
