Can someone explain this difference in IE behavior?

O

Ohaya

Hi,

I'm cross-posting this to an IE browser group and to the Platform SDK
group, as this may be either IE-specific or something to do with some
underlying crypto mechanism...


I am doing some testing with SSL and client certificates with IE, using
IE6 on Windows 2000.

My test web server is IIS5, and it is setup for SSL, with both server
and client authentication.

Generally, everything is working, but I've noted one difference in
behavior between some machines which I don't understand and can't
explain.

Here's the situation:

1) I have a Win2K user account setup on several machines that has no
client certificates installed.

2) On some machines, when I connect to my SSL web site, I get a popup
window asking me to select a client certificate to use. Since there are
no client certificates, the panel in the window is blank. When I click
"YES", I get a 403.7 error (client certificate required).

3) On some other machines, when I connect to my SSL web site, I don't
get the popup window described in #2 above at all. I simply get the
page with the 403.7 error.


I cannot figure out why #2 occurs on some machines, while #3 occurs on
other machines.


BTW, the versions of IE6 are the same service pack level on all the
above machines, and the machines are on Win2K SP4.


Can anyone explain this difference behavior?


Thanks in advance!!

Jim
 
H

H Leboeuf

Have you seen these articles?

Error Message: 403.7 Forbidden: Client Certificate Required
When you try to establish communication with a Web site that requires client
authentication, you may receive the following error messages:
HTTP Error 403.7 Forbidden: Client certificate required.
http://support.microsoft.com/?kbid=186812 (7/4/2003)


Error 403.7 or "Connection to Server Could Not Be Established"
One of the following errors occurs when trying to browse a Web site that has
Secure Sockets Layer (SSL) enabled:
HTTP Error 403.7 Forbidden: Client certificate required.
http://support.microsoft.com/?kbid=190004 (5/20/2003)
 
O

ohaya

Henri,

I understand the 403.7 error. That is not what I was asking about.
What I'm not clear on is why the empty/blank certificate popup window
gets displayed in some cases, but not in other cases?

Jim
 
M

Mike

Try going into IE, Tools | Internet Options, Security tab. Make sure the
Internet icon is highlighted, click on the Custom Level button, scroll down
to the Miscellaneous section, find the subsection "Don't prompt for client
certificate selection when no certificates or only one...." (it's a good way
down!) It can be disabled or enabled. It's probably set differently between
the various machines, especially if their security levels for the internet
zone have been changed.
 
O

Ohaya

Mike,

Wow! That was it!

Thanks. This was kind of driving me crazy, because I was trying to
write up some test procedures, and couldn't figure this out.

Thanks,
Jim
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IE6SP1 on Windows2000, SSL, client authentication, 403.7 and so on and so on. 3
Can someone explain this (corporate) trendnet.org web-proxy behavior? 3
SSL Client certificate in IIS 6.0. Different root CAs? 2
IE 6 -- difference between versions 4
SSL Certificates, and browser verification 3
Issue opening Word files in IE Browser 2
what is equiv of Netscape Reset master passwd in IE6? 2
Question about IE menu behavior 3

Top