
I get the following error page if I try to open an HTTPS page on my server: "Client certificate is untrusted or invalid"

The server was already working; I had to renew the certificate because it expired. I checked all certificates twice (mmc) but don't see any outdated certificate.

I also tried http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/bb089a80-c8ba-4004-9c0f-f10fb6b36416.mspx?mfr=true but without success.

Any other suggestions?

Thanks for your help!

noOne

2 Answers


This is usually caused by something incorrect in the cert chain. I would check the FAQ for your cert authority and download and install all certs that they require. A reboot is often needed when you change intermediate certs.

Also, if you view the properties of the cert, and the last tab, it will show the cert chain. You can check with your cert authority to confirm that it's the correct chain. Sometimes old root or intermediate certs can clash with some authorities' certs.

Scott Forsyth

If you are getting a client certificate error, then you should look on the client side. Make sure your client has all the intermediate certificates in the chain present and is sending it to the server. If the server has no other network connectivity, ensure that the intermediates are also present on the server side, so it can build and validate the client certificate chain.

I would suggest using Wireshark or another network tracing tool to capture the traffic and look at what is going on. If the client authentication is done through renegotiation (aka second handshake encrypted using the existing session), then look at the size of the messages to judge whether the entire client chain is being sent over or just part of it.

Nasko
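Both answers come down to inspecting the certificate chain and confirming the intermediates are installed. The following script is an added example, not part of the original thread or either answer: it builds the chain for each certificate in a store and lists every element with its expiry date and chain status. The store path and the function name `Get-CertChainReport` are assumptions made for illustration.

```powershell
# Added example, not from the original thread.
# Assumption: the certificates of interest are in LocalMachine\My (the IIS server);
# use Cert:\CurrentUser\My when checking the client certificate on the client.
$storePath = 'Cert:\LocalMachine\My'

# Hypothetical helper: builds the chain for one certificate and emits one row per element.
function Get-CertChainReport {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation so the result reflects chain building and validity dates only.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $valid = $chain.Build($Certificate)

    $depth = 0   # 0 = the leaf certificate, increasing towards the root
    foreach ($element in $chain.ChainElements) {
        # Each element carries its own status flags (empty when nothing is wrong).
        $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $status) { $status = 'NoError' }
        [pscustomobject]@{
            ChainValid = $valid
            Depth      = $depth
            Subject    = $element.Certificate.Subject
            Issuer     = $element.Certificate.Issuer
            NotAfter   = $element.Certificate.NotAfter
            Thumbprint = $element.Certificate.Thumbprint
            Status     = $status
        }
        $depth++
    }
    $chain.Reset()
}

Get-ChildItem -Path $storePath |
    ForEach-Object { Get-CertChainReport -Certificate $_ } |
    Format-Table -AutoSize -Wrap
```

A `PartialChain` status means an issuer could not be found locally, `NotTimeValid` flags an expired or not-yet-valid certificate in the chain, and `UntrustedRoot` means the chain ends in a root that is not in the trusted root store.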