Fony Fazoulyanov

Reputation: 155

Authorization fails when any non-self-signed certificate exists in Trusted Root Certification Authorities

I faced this problem when deploying my web service on IIS. I set up the HTTPS protocol and bound the certificate. But authorization did not work and IIS returned a 403 error. Authorization worked after I deleted the only cross-certificate from Trusted Root Certification Authorities. The issuer of this cross-certificate was also in Trusted Root Certification Authorities. Is this normal behavior?

Upvotes: 0

Views: 736

Answers (1)

Bruce Zhang

Reputation: 3042

Yes, it is normal.

If you can reproduce the issue, please check the substatus code of the 403 error. I think it may be 403.16.

One cause for this error is that non-self-signed certificates are in Trusted Root.

There are one or more non-self-signed certificates in the Trusted Root Certification Authorities Certificate store. A non-self-signed certificate is any certificate for which the Issued To and Issued By values aren't an exact match.

The resolution is to move any non-self-signed certificates out of the Trusted Root Certification Authorities Certificate store and into the Intermediate Certification Authorities Certificate store.

Upvotes: 2
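
The check and the move described in the answer above can be scripted. This is an added example, not code from the original answer: it lists certificates in the machine Trusted Root store whose Subject (Issued To) and Issuer (Issued By) differ, and moves them to the Intermediate Certification Authorities store after exporting a backup copy. It assumes an elevated PowerShell session on the IIS server; the function names and the backup directory are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt on the IIS server.

function Get-NonSelfSignedRootCert {
    # A certificate is non-self-signed when Issued To (Subject) and
    # Issued By (Issuer) are not an exact match.
    Get-ChildItem -Path 'Cert:\LocalMachine\Root' |
        Where-Object { $_.Subject -ne $_.Issuer }
}

function Move-NonSelfSignedRootCert {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Hypothetical backup location; change to suit the server.
        [string]$BackupDir = (Join-Path $env:TEMP 'root-store-backup')
    )

    foreach ($cert in Get-NonSelfSignedRootCert) {
        $target = "$($cert.Subject) [$($cert.Thumbprint)]"
        if ($PSCmdlet.ShouldProcess($target, 'Move from Trusted Root to Intermediate CA store')) {
            # Keep a DER copy so the change can be reverted by re-importing.
            New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
            $backup = Join-Path $BackupDir "$($cert.Thumbprint).cer"
            Export-Certificate -Cert $cert -FilePath $backup -Type CERT | Out-Null

            # Cert:\LocalMachine\CA is the Intermediate Certification Authorities store.
            Move-Item -Path $cert.PSPath -Destination 'Cert:\LocalMachine\CA'
        }
    }
}

# Step 1: report only. Nothing is changed.
Get-NonSelfSignedRootCert |
    Format-List Thumbprint, Subject, Issuer, NotAfter

# Step 2: preview the move, then run it without -WhatIf once the list looks right.
# Move-NonSelfSignedRootCert -WhatIf
# Move-NonSelfSignedRootCert
```

If group policy or an installer placed the certificate in Trusted Root, it may reappear after the move, so rerun the report step after the next policy refresh.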
