Browser popoup prompts user to pick a certificate


#1

Hi All, and thanks if you can help…

https://dr-fayard-caroline.chirurgiens-dentistes.fr/
Windows Server 2016 / IIS 10
Certificates generated using PKISharp/WinAcme

In some browsers (Chrome…) sometimes, a popup appears prompting the user to pick a certificate (among… a single certificate…) to authenticate to the website. I have dozens of websites and only some have this behavior… No clue in tech forums… I read something about the “60-days”, another article about breaks in the cert chain, but the cert is < 50 days and no old X1 authority certificate is present on the server (except a fake LE X1 I removed today).

Help appreciated, thanks in advance…

Greg.


#2

Hi @Greg45

do you have a screenshot?

There are mixed content warnings.

But these should not open such a popup.

Sounds like one instance want’s a client certificate.


#3

Hi,

Your web server is misconfigured to not only serve tls connection but ask for client certificate from clients…

Please try to reverse steps done in Step 4 to remove the request for client certificate when client connects.
https://blogs.msdn.microsoft.com/asiatech/2016/08/22/how-to-create-an-iis-website-that-requires-client-certificate-using-self-signed-certificates/

Thank you


#4

Thanks that makes me feel like an idot… The site was configured to “Accept” client certificates instead of “Ignore”…

Many many thanks stevenzhu :sunny:


#5

Thanks for your quick answer I had as soon as you posted it.
I corrected the mixed contents. The site was configured to “Accept” certificates so I assume Chrome tries to send a cert if the site declares accepting them…
I set SSL parameters to “Ignore” client certificates, seems to work like a charm.
Many thanks.

Greg.


#6

@stevenzhu - @Greg45

Curious: Checked (2 days) with Chrome, FireFox and Edge - no “please give me your client certificate” warning.


#7

Use your mobile device :neutral_face:

Thx