Trying to sign a page with an expired certificate, FF 20 allows me to select it and then shows the "401-Access is denied" message. How can I fix it?
I am trying to sign an aspx page using an expired client certificate; when FF reads it, it says it is expired, but allows me to choose it as my credentials and tries to sign the page, failing with a 401 error, instead of showing me the sec_error_expired_certificate error that it is supposed to catch. In IE 10 the expired certificate is not even shown at all. The URL with an image of the expired certificate details that FF shows is https://docs.google.com/drawings/d/1lT9eaRWKKwRWz-N0KycJ9GZY0kh_vc6QJ96L-1mHT1U/edit?usp=sharing
The problem is that this exception is not redirecting to my aspx code, so I cannot catch the error. How can I fix this problem, warning the user in a friendly way that the certificate is really expired?
Thanks a lot,
Hector
- User Agent: Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0
Hello, can you please confirm the following:
1. You are setting up an expired certificate as the host certificate for your host, or are you trying to sign an ASPX file with an expired certificate?
2. The webserver where you are hosting this ASPX (IIS, I presume) has only certificate-based authentication enabled - is that right?
3. You are seeing that when the user opens the website they are prompted that the certificate has expired, and even if they choose to move forward, they are not able to - is that the issue?
4. If (3) is not the issue and you want to be able to get access to the certificate-expiration error as part of the ASPX code, then that wouldn't be possible because the certificate validation would happen as part of the TLS connection negotiation.
If you can please provide some more details, it will help.
Thanks for replying.
These are the answers to your questions.
1. We are not using an expired certificate as the host certificate. We are trying to access an aspx file configured in IIS to request a client certificate. The host certificate is OK (not expired).
2. No. It has just Windows authentication. The client certificate is requested for a page that needs it for SSL.
3. No. The certificate appears expired in the Firefox certificate dialog, but it lets me keep that certificate selected and continue. Then, FF reports the access denied error.
4. We thought we could display a customized error in our code; however, according to your assertion, it is impossible.
Thanks a lot.