on Nov 5, 2018Article Content
| Article Number | 000036908 |
| Applies To | RSA Product Set: Archer RSA Product/Service Type: RSA Archer (On-Premise) RSA Version/Condition: 6.2.0.4, 6.x Platform: Windows Product Name: RSA-0012000 Product Description: Archer Platform |
| Issue | When attempting to access the Archer site, the following error is returned to the user via the browser: HTTP 403.16 Forbidden: Client Certificate Untrusted or Invalid |
| Cause | Microsoft IIS has been configured to process client certificates and the client's certificates are getting rejected by the Microsoft IIS server. |
| Resolution | When client certificates are enabled, the client certificates that have been pushed out through Group Policy to the Archer end-users must be accepted by the Microsoft IIS Servers running RSA Archer or this error will occur. Work with the Group Policy Administrator and Domain Administrator for the network to confirm the below:
|
| Workaround | Archer does not require Client Certificates and Microsoft IIS is configured out of the box to ignore Client Certificates. As such, you can return Microsoft IIS to the out of the box default by Disabling Client Certificates in Microsoft IIS for Archer:
|