HTTP error 403.16 - client certificate trust issue

Question

I am trying to implement client certificate authentication on IIS 8. I have deployed my configuration on a development machine and verified it working as expected there. How

Answer 1

In my case I'd been adding the root cert into the 'current user' certificate store on the server and was getting the 403.16 error.

Adding my root cert to the Trusted Root Authorities store for the local machine resolved the issue.

Follow the steps below on the server running IIS.

For Windows Server 2008 R2:

1. Right click on the certificate file and select 'Install Certificate'. Click next.
2. Select 'Place all certificates in the following store' and click 'Browse...'
3. Check 'Show physical stores'
4. Expand 'Trusted Root Certification Authorities' and select 'Local Computer'. Click OK.
5. Click Next/Click Finish.

For Windows Server 2012 R2:

1. Right click on the certificate file and select 'Install Certificate'.
2. Select 'Local Machine'. Click Next.
3. Select 'Place all certificates in the following store' and click 'Browse...'
4. Select 'Trusted Root Certification Authorities'. Click OK.
5. Click Next/Click Finish.

For Windows 7:

1. Start -> Run -> mmc.exe
2. File -> 'Add or Remove Snap-ins'. Select 'Certificates', click 'Add >' and select 'Computer account' and then 'Local computer'. Click Finish/OK
3. Expand Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates. Right click on Certificates and select All Tasks -> Import.
4. Select the certificate file and click next.
5. Select 'Place all certificates in the following store' and click 'Browse...'
6. Check 'Show physical stores'
7. Expand 'Trusted Root Certification Authorities' and select 'Local Computer'. Click OK.
8. Click Next/Click Finish.