What are some steps to troubleshoot denied HTTPS requests in IIS 7?

Brian Surowiec asked:

I’m hosting a site in IIS 7 that’s using a wildcard certificate from RapidSSL. To date there have been no issues of people not being able to connect to the site with SSL. Now we have a client who can’t connect from every machine in their network. The client machines are Red Hat and Windows XP. They can make HTTP requests OK, but HTTPS requests return a 403.16 error. Since they aren’t reaching our ASP.NET code, there isn’t any debug info I can get from there, and nothing from IIS is being logged.

The requests are coming from both a web browser and a custom piece of software sending us notifications. Neither works.

Things checked so far:

  • No errors in the Application Log
  • Verified the entire certificate chain is installed and not just the client certificate

My answer:

IIS is rejecting the client certificate. This generally means that your server doesn’t have the CA which was used to generate the client certificates. You will need to obtain this from the client and install it on the IIS server.

See this Microsoft KB article: Error message when you visit a Web site that is hosted on IIS 7.0: “HTTP Error 403.16 – Forbidden”

View the full question and any other answers on Server Fault.
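One way to confirm this diagnosis on the IIS server before installing anything, as an added example that is not part of the original answer: the script builds the trust chain for a client certificate using the machine certificate stores and reports where the chain stops. It assumes the client has sent you the public part of one of their client certificates as a `.cer` file; the parameter name and the file are assumptions, and revocation checking is turned off so that only the trust question is tested.

```powershell
# Added example, run on the IIS server. $ClientCertPath is an assumed path to a
# .cer file (public certificate only) exported by the client.
param(
    [Parameter(Mandatory = $true)]
    [string]$ClientCertPath
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $ClientCertPath).ProviderPath

# $true = build the chain from the LocalMachine stores rather than the
# current user's stores, so per-user trust does not mask a missing CA.
$chain = New-Object "$x509.X509Chain" -ArgumentList $true
# Skip CRL/OCSP lookups so the result reflects trust only, not revocation.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($cert)

# Print each certificate in the chain with any per-element status flags.
foreach ($element in $chain.ChainElements) {
    $flags = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $flags) { $flags = 'OK' }
    '{0}  <-  issued by {1}  [{2}]' -f $element.Certificate.Subject, $element.Certificate.Issuer, $flags
}

# The last element is the highest certificate the server could find.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$inRootStore = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $top.Thumbprint }).Count -gt 0

if ($trusted) {
    'Chain is trusted by this server; the 403.16 has another cause.'
} elseif ($top.Subject -ne $top.Issuer) {
    # Chain stopped below a self-signed root: the issuing CA is not on this server.
    "Issuer certificate not found on this server: $($top.Issuer)"
} elseif (-not $inRootStore) {
    "Root CA is not in LocalMachine\Root: $($top.Subject) ($($top.Thumbprint))"
} else {
    'Chain failed for another reason: ' + (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
}
```

Either of the two "not found" results matches the cause described in the answer: the CA certificate has to come from the client and go into the server's machine store.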

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.