Outlook web access

9 Mar 2006 5:13 AM

Mike Henshaw

I have a W2K2 server running Exchange server2003. I am trying to get OWA
working with forms based authentication. I have set up this same server with
certificate services and have generated the certificate. In IIS I have
selected the certificate to be used for OWA access. On most LAN clients I
can access the webmail site https://servername/exchange without a problem,
but users who use another server via terminal services get an error. This
error appears even when trying to test the OWA site from the domain
controller on the LAN. The error also appears for all external clients
trying to access OWA. I feel that I am doing something silly here.

Any Ideas.

The page requires a valid SSL client certificate
Your client certificate was revoked, or the revocation status could not be
determined. A Secure Sockets Layer (SSL) client certificate is used for
identifying you as a valid user of the resource.

--------------------------------------------------------------------------------

Please try the following:

a.. Contact the Web site administrator to establish to establish client
certificate permissions or to obtain a new certificate.
HTTP Error 403.13 - Forbidden: Client certificate has been revoked on the
Web server.
Internet Information Services (IIS)

9 Mar 2006 5:29 AM

Ken Schaefer

This is an error indicating that you are requiring the *client* (i.e. the
user) to supply a certificate, not a problem with the server's certificate.

On the TS box, the user's profile might not have a certificate installed,
whereas that same user might have a valid client certificate stored in their
certificate store on their local PC.

If you don't require client certificates, then disable that option in IIS
Manager.

Cheers
Ken

Show quoteHide quote

"Mike Henshaw" <mhens***@lawform.com.au> wrote in message
news:%23nGWfhzQGHA.2536@tk2msftngp13.phx.gbl...
:I have a W2K2 server running Exchange server2003. I am trying to get OWA
: working with forms based authentication. I have set up this same server
with
: certificate services and have generated the certificate. In IIS I have
: selected the certificate to be used for OWA access. On most LAN clients I
: can access the webmail site https://servername/exchange without a problem,
: but users who use another server via terminal services get an error. This
: error appears even when trying to test the OWA site from the domain
: controller on the LAN. The error also appears for all external clients
: trying to access OWA. I feel that I am doing something silly here.
:
: Any Ideas.
:
:
:
: The page requires a valid SSL client certificate
: Your client certificate was revoked, or the revocation status could not be
: determined. A Secure Sockets Layer (SSL) client certificate is used for
: identifying you as a valid user of the resource.
:
:
: --------------------------------------------------------------------------------
:
: Please try the following:
:
: a.. Contact the Web site administrator to establish to establish client
: certificate permissions or to obtain a new certificate.
: HTTP Error 403.13 - Forbidden: Client certificate has been revoked on the
: Web server.
: Internet Information Services (IIS)
:
:
:

9 Mar 2006 11:54 PM

Mike Henshaw

Thanks Ken. That did the trick. I had checked the "Accept client
certificates" radio button thinking that that it would not actually require
them before granting access to the page.

If I wanted to set it to require client certificates so that the server only
allows access to clients with a valid certificate, what would be the process
for installing the correct certificate on client machines, and are these
certificates portable i.e can you put them onto a USB drive etc?

For now though it's enough to have OWA working so that any users who access
OWA from hotels etc, can do so safely.

Show quoteHide quote

"Ken Schaefer" <kenREM***@THISadOpenStatic.com> wrote in message
news:%23TpFDqzQGHA.4452@TK2MSFTNGP12.phx.gbl...
> This is an error indicating that you are requiring the *client* (i.e. the
> user) to supply a certificate, not a problem with the server's
> certificate.
>
> On the TS box, the user's profile might not have a certificate installed,
> whereas that same user might have a valid client certificate stored in
> their
> certificate store on their local PC.
>
> If you don't require client certificates, then disable that option in IIS
> Manager.
>
> Cheers
> Ken
>
> "Mike Henshaw" <mhens***@lawform.com.au> wrote in message
> news:%23nGWfhzQGHA.2536@tk2msftngp13.phx.gbl...
> :I have a W2K2 server running Exchange server2003. I am trying to get OWA
> : working with forms based authentication. I have set up this same server
> with
> : certificate services and have generated the certificate. In IIS I have
> : selected the certificate to be used for OWA access. On most LAN clients
> I
> : can access the webmail site https://servername/exchange without a
> problem,
> : but users who use another server via terminal services get an error.
> This
> : error appears even when trying to test the OWA site from the domain
> : controller on the LAN. The error also appears for all external clients
> : trying to access OWA. I feel that I am doing something silly here.
> :
> : Any Ideas.
> :
> :
> :
> : The page requires a valid SSL client certificate
> : Your client certificate was revoked, or the revocation status could not
> be
> : determined. A Secure Sockets Layer (SSL) client certificate is used for
> : identifying you as a valid user of the resource.
> :
> :
> : --------------------------------------------------------------------------------
> :
> : Please try the following:
> :
> : a.. Contact the Web site administrator to establish to establish client
> : certificate permissions or to obtain a new certificate.
> : HTTP Error 403.13 - Forbidden: Client certificate has been revoked on
> the
> : Web server.
> : Internet Information Services (IIS)
> :
> :
> :
>
>