000012819 - Unable to get key  IIS shows error 403 - 2148204801

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012819
Applies ToRSA Key Manager Server
Microsoft Internet Information Services (IIS) 6.0
IssueUnable to get key, IIS shows error 403 - 2148204801
RKM client unable to get a key
RKM client unable to establish an SSL connection
RKM client is not reaching RKM Server
Client certificate has expired / is not valid
ResolutionBy default, IIS will log all access and connections attemps in C:\WINDOWS\system32\LogFiles\W3SVC1
If you look at a log entry, you will see something like:

2009-04-23 15:29:53 W3SVC1 GET /KMS/provider - 443 - - 403 16 2148204801

That specific error message means that the client certificate provided has expired. You will have to re-issue the client certificate or issue a new one.
NotesTo see a textual meaning of the error, you can run in a command prompt:

certutil -error 2148204801

Error message text: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
CertUtil: -error command completed successfully.

Legacy Article IDa45738