IIS Certificate issue when a new user visits site

J316PL · July 2, 2018, 9:32am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.j316gallery.com
I ran this command:
When some new user visits my website…
It produced this output:
Message is prompted: “Do you want to install this certificate?” or something similar

If user chooses ‘continue’, user will lose access to the website even after reboot.
If user chooses ‘cancel’, user will gain access to the website and everything will be normal.

My web server is (include version):
IIS8
The operating system my web server runs on is (include version):
Win2012r2
My hosting provider, if applicable, is:
Self hosted
I can login to a root shell on my machine (yes or no, or I don’t know):
No shell needed.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Internet Information Server (IIS) Manager

stevenzhu · July 2, 2018, 10:04am

Hi,

It seems that the server is using client side identification… (Request client to provide a certificate to the server to verify his / hers identity…)

This tutorial might able to help you:

Thank you

J316PL · July 2, 2018, 10:29am

Thanks Steven

I’ll install IIS Client Certificate Mapping Authentication.

Hope it works.

stevenzhu · July 2, 2018, 10:42am

Hi,

I’m saying you’ve configtured client certificate authorization… Please do not install that since that’s not what you want…

Thank you

J316PL · July 2, 2018, 10:50am

Thanks Steven

How do I disable client certificate authorization? I’ve no idea how it’s enabled by default.

Should I enable IIS client certificate authorization instead?

Thank you very much.

JuergenAuer · July 2, 2018, 10:52am

Hi @J316PL

I tested your site with IE11 and Edge, no suggestion to install a certificate or to upload a client certificate.

J316PL · July 2, 2018, 10:54am

Certain users were prompted that message but not every user, and I believe Apple users are most affected.

Thank you very much.

JuergenAuer · July 2, 2018, 1:37pm

Check your Site with SSL Server Test (Powered by Qualys SSL Labs)

There is a second, self-signed certificate and a second Certification Path, which is not valide. Perhaps this is the reason, so change your certificate binding of Port 443.

And you should disable SSL 3 and RC4.

J316PL · July 3, 2018, 1:26am

Thanks guys for all the help.

I’ll try them all and see if I still receive any complaints.

system · August 2, 2018, 1:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.