Decrease Font Size
Increase Font Size
   BLOG

HTTP Error 403.13 Client Certificate Revoked

IIS returns HTTP "403.13 Client Certificate Revoked" error message although certificate is not revoked

Run into the above error on one of the application setup to use Client Certificate Authentication. In IIS, under SSL Settings, check the Require SSL checkbox, select Require radio button under Client certificates.

This issue is related to environment because the application work on one environment and throw the above error on another environment. According to this article on https://support.microsoft.com/en-us/kb/294305 "By default, Internet Information Services (IIS) checks to see if the client certificate that is being presented has been revoked. It does this by downloading the client certificate's Certificate Revocation List (CRL) from a Certificate Distribution Point (CDP) that is listed as part of the client certificate. If IIS is unable to download at least one of the CRLs of the client certificate, the HTTP error message is displayed in the client's browser."

The solution is to check the server firewall setting/policy to make sure it has the privilege to download the client certificate's Certificate Revocation List (CRL) from a Certificate Distribution Point (CDP) that is listed as part of the client certificate. I would not advice to disable the revocation check instead work with the server Administrator/Security Expert to resolve the issue.

Comment/feedback is welcomed.