Browser popoup prompts user to pick a certificate

Hi All, and thanks if you can help…

https://dr-fayard-caroline.chirurgiens-dentistes.fr/
Windows Server 2016 / IIS 10
Certificates generated using PKISharp/WinAcme

In some browsers (Chrome…) sometimes, a popup appears prompting the user to pick a certificate (among… a single certificate…) to authenticate to the website. I have dozens of websites and only some have this behavior… No clue in tech forums… I read something about the “60-days”, another article about breaks in the cert chain, but the cert is < 50 days and no old X1 authority certificate is present on the server (except a fake LE X1 I removed today).

Help appreciated, thanks in advance…

Greg.

Hi @Greg45

do you have a screenshot?

There are mixed content warnings.

But these should not open such a popup.

Sounds like one instance want's a client certificate.

Hi,

Your web server is misconfigured to not only serve tls connection but ask for client certificate from clients…

Please try to reverse steps done in Step 4 to remove the request for client certificate when client connects.
https://blogs.msdn.microsoft.com/asiatech/2016/08/22/how-to-create-an-iis-website-that-requires-client-certificate-using-self-signed-certificates/

Thank you

Thanks that makes me feel like an idot… The site was configured to “Accept” client certificates instead of “Ignore”…

Many many thanks stevenzhu :sunny:

Thanks for your quick answer I had as soon as you posted it.
I corrected the mixed contents. The site was configured to “Accept” certificates so I assume Chrome tries to send a cert if the site declares accepting them…
I set SSL parameters to “Ignore” client certificates, seems to work like a charm.
Many thanks.

Greg.

1 Like

@stevenzhu - @Greg45

Curious: Checked (2 days) with Chrome, FireFox and Edge - no “please give me your client certificate” warning.

Use your mobile device :neutral_face:

Thx

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.