IIS Certificate issue when a new user visits site


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.j316gallery.com
I ran this command:
When some new user visits my website…
It produced this output:
Message is prompted: “Do you want to install this certificate?” or something similar

  1. If user chooses ‘continue’, user will lose access to the website even after reboot.
  2. If user chooses ‘cancel’, user will gain access to the website and everything will be normal.

My web server is (include version):
IIS8
The operating system my web server runs on is (include version):
Win2012r2
My hosting provider, if applicable, is:
Self hosted
I can login to a root shell on my machine (yes or no, or I don’t know):
No shell needed.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Internet Information Server (IIS) Manager


#2

Hi,

It seems that the server is using client side identification… (Request client to provide a certificate to the server to verify his / hers identity…)

This tutorial might able to help you:

Thank you


#3

Thanks Steven

I’ll install IIS Client Certificate Mapping Authentication.

Hope it works.


#4

Hi,

I’m saying you’ve configtured client certificate authorization… Please do not install that since that’s not what you want…

Thank you


#5

Thanks Steven

How do I disable client certificate authorization? I’ve no idea how it’s enabled by default.

Should I enable IIS client certificate authorization instead?

Thank you very much.


#6

Hi @J316PL

I tested your site with IE11 and Edge, no suggestion to install a certificate or to upload a client certificate.


#7

Certain users were prompted that message but not every user, and I believe Apple users are most affected.

Thank you very much.


#8

Check your Site with https://www.ssllabs.com/ssltest/

There is a second, self-signed certificate and a second Certification Path, which is not valide. Perhaps this is the reason, so change your certificate binding of Port 443.

And you should disable SSL 3 and RC4.


#9

Thanks guys for all the help.

I’ll try them all and see if I still receive any complaints.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.