Avatar for Username

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Learn More

Táto téma bola archivovaná. Ak potrebujete pomôcť, založte prosím novú otázku.

Trying to sign a page with an expired certificate, FF 20 allows me to select it and then shows the "401-Access is denied" message. How can I fix it?

  • 2 odpovede
  • 7 má tento problém
  • 2 zobrazenia
  • Posledná odpoveď od hecferme

hecferme
hecferme
more options

I am trying to sign an aspx page using an expired client certificate; when ff reads it, it says it is expired, but allows me to choose it as my credentials and tries to sign the page, failing with a 401 error, instead of showing me the sec_error_expired_certificate error that it is supposed to catch. In IE 10 the expired certificate is not even shown at all. The URL with an image of the expired certificate details that ff shows is https://docs.google.com/drawings/d/1lT9eaRWKKwRWz-N0KycJ9GZY0kh_vc6QJ96L-1mHT1U/edit?usp=sharing

The problem is that this exception is not redirecting to my aspx code, so I cannot catch the error. How can I fix this problem, advertising the user in a friendly way that the certificate is really expired?

Thanks a lot Hector

I am trying to sign an aspx page using an expired client certificate; when ff reads it, it says it is expired, but allows me to choose it as my credentials and tries to sign the page, failing with a 401 error, instead of showing me the sec_error_expired_certificate error that it is supposed to catch. In IE 10 the expired certificate is not even shown at all. The URL with an image of the expired certificate details that ff shows is https://docs.google.com/drawings/d/1lT9eaRWKKwRWz-N0KycJ9GZY0kh_vc6QJ96L-1mHT1U/edit?usp=sharing The problem is that this exception is not redirecting to my aspx code, so I cannot catch the error. How can I fix this problem, advertising the user in a friendly way that the certificate is really expired? Thanks a lot Hector

Všetky odpovede (2)

gnittala
gnittala
more options

Hello, Can you please confirm the following

1. You are setting up an expired certificate as the host certificate for your host (or) are you trying to sign an ASPX file with an expired certificate? 2. The webserver where you are hosting this ASPX (IIS I presume), has only certificate based authentication enabled - is that right? 3. You are seeing that when the user opens the website they are prompted that the certificate has expired, and even if they chose to move forward, they are not able to - is that the issue? 4. If (3) is not the issue and you want to be able to get access to the certificate-expiration error as part of the ASPX code, then that wouldn't be possible because the certificate validation would happen as part of the TLS connection negotiation

If you can please provide some more details, it will help.

Thank you

hecferme
hecferme Autor otázky
more options

hello, gnittala.

thanks for replying.

these are the answers for your questions.


1. we are not using an expired certificate as the host certificate. we are trying to access an aspx file configured in iis with request client certificate. the host certificate is ok (not expired).

2. no. it has just windows authentication. The client certificate is requested for a page that needs it for ssl.

3. no. the certificate appears expired in the firefox certificate dialog, but it lets me keep that certificate selected and continue. then, ff reports the access denied error.

4. we thought we could display a customized error in our code; however, according to your assertion, it is impossible.

thanks a lot.