000026061 - Error 'HTTP/1.1 403 Forbidden' when trying to get a key

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000026061
Applies To: RSA Key Manager Client
Issue: Error "HTTP/1.1 403 Forbidden" when trying to get a key.
An invalid CRL Distribution Point in the RKM client certificate returns an HTTP/1.1 403 Forbidden error message.
Cause: The client certificate contains a CRL Distribution Point extension and that CRL is not accessible.
Resolution: If your webserver is configured to validate all client certificates, then the CRL defined by the "CRL Distribution Point" extension must be accessible and valid (up to date).

To correct the issue, you can do one of the following:

1. Disable client certificate validation in your webserver. Consult your webserver's documentation to change the setting. If you are using IIS, you can follow this solution: a39779 - How to turn on or off CRL checking on IIS 6.0
2. Reissue your client certificate so that there is no CRL DP extension.
Legacy Article ID: a39631
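To confirm the cause before choosing a fix, the following added example (not RSA code) lists the CRL Distribution Point URIs in a client certificate and checks that each CRL can be fetched, parsed, and is not past its nextUpdate. The function names and the `client.pem` file name are assumptions; it needs `openssl`, `curl` and GNU `date`.

```shell
#!/bin/sh
# Added diagnostic example, not RSA code.
# Usage (after sourcing this file): check_cert_crls client.pem

# Read `openssl x509 -noout -text` output on stdin and print only the URIs
# that belong to the CRL Distribution Points extension (AIA/OCSP URIs are skipped).
crl_dp_uris() {
  awk '
    /X509v3 CRL Distribution Points/ { match($0, /^ */); depth = RLENGTH; in_dp = 1; next }
    in_dp && NF { match($0, /^ */); if (RLENGTH <= depth) in_dp = 0 }  # next extension starts
    in_dp && /URI:/ { sub(/.*URI:/, ""); print }
  '
}

# Fetch one CRL and report whether a validating web server could use it.
crl_is_usable() {
  crl_url=$1
  crl_tmp=$(mktemp) || return 1
  if ! curl -fsS --max-time 10 -o "$crl_tmp" "$crl_url"; then
    rm -f "$crl_tmp"; echo "UNREACHABLE $crl_url"; return 1
  fi
  # CRLs are normally published as DER; fall back to PEM.
  crl_next=$(openssl crl -inform DER -in "$crl_tmp" -noout -nextupdate 2>/dev/null ||
             openssl crl -inform PEM -in "$crl_tmp" -noout -nextupdate 2>/dev/null)
  rm -f "$crl_tmp"
  crl_next=${crl_next#nextUpdate=}
  # An empty or non-date value (for example NONE) means no usable nextUpdate.
  crl_exp=$([ -n "$crl_next" ] && date -u -d "$crl_next" +%s 2>/dev/null) ||
    { echo "UNPARSEABLE $crl_url"; return 1; }
  if [ "$crl_exp" -lt "$(date -u +%s)" ]; then
    echo "EXPIRED $crl_url (nextUpdate $crl_next)"; return 1
  fi
  echo "OK $crl_url (nextUpdate $crl_next)"
}

# Check every CRL named by the certificate; non-zero status if any is unusable.
check_cert_crls() {
  cert_uris=$(openssl x509 -in "$1" -noout -text | crl_dp_uris)
  [ -n "$cert_uris" ] || { echo "no CRL Distribution Point extension in $1"; return 0; }
  cert_rc=0
  for cert_u in $cert_uris; do
    crl_is_usable "$cert_u" || cert_rc=1
  done
  return $cert_rc
}
```

Run it on the web server host, since that is the machine that has to reach the CRL when it validates the client certificate.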