|Applies To||RSA Key Manager Server|
Microsoft Internet Information Services (IIS) 6.0
|Issue||Unable to get key, IIS shows error 403 - 2148204801|
RKM client unable to get a key
RKM client unable to establish an SSL connection
RKM client is not reaching RKM Server
Client certificate has expired / is not valid
|Resolution||By default, IIS will log all access and connections attemps in C:\WINDOWS\system32\LogFiles\W3SVC1|
If you look at a log entry, you will see something like:
2009-04-23 15:29:53 W3SVC1 127.0.0.1 GET /KMS/provider - 443 - 127.0.0.1 - 403 16 2148204801
That specific error message means that the client certificate provided has expired. You will have to re-issue the client certificate or issue a new one.
|Notes||To see a textual meaning of the error, you can run in a command prompt:|
certutil -error 2148204801
Error message text: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
CertUtil: -error command completed successfully.
|Legacy Article ID||a45738|