Published on Digi-Sign, The Certificate Corporation (https://www.digi-sign.com)

Home > Digi-Access™ Error 403 Pages (IIS Only)

By Digi-Sign
Created May 15 2010 - 19:18

Digi-Access™ Error 403 Pages (IIS Only)

Installing the Digi-Access™ error pages

Allow
10 Minutes		  
     

Microsoft® IIS server has specific default error pages designed to work with Digi-Access™ certificates. To enhance the user experience you should replace these default error pages with the customised Digi-Access™ error 403 pages [1].

The error handlers within IIS display default error pages depending on the specific issue that occurs on the server. The error message on each of these pages and their purpose are explained below.

Most error pages on IIS can be customised [2]. The default 403 error pages that relate to the use of Digi-Access™ are stored in the C:\WINDOWS\help\iisHelp\common\ folder. The server Administrator should download the Digi-Access™ error 403 pages [1] and place them in a new folder: (e.g. C:\WINDOWS\help\iisHelp\digi-access\ ). The server should be configured to display these new error pages before being restarted to complete the setup procedure.

  Error   Description
       
  403.7 [3]   Access denied. SSL Client Certificate is Required
       
      The system is using Digi-Access™ two factor authentication and users must have a Digi-Access™ certificate to gain access
       
  403.12 [4]   Access denied due to certificate mapping configuration
       
      Digi-Access™ only uses mapping in highly integrated situations. In most instances, this error page will not display
       
  403.13 [5]   Access denied. The SSL Client Certificate was revoked or revocation status can not be established
       
      The specific Digi-Access™ certificate being used is invalid/out-of-date. The user must get a new Digi-Access™ certificate is required
       
  403.16 [6]   Access denied. The SSL Client Certificate is incorrect or is not trusted by the server
       
      The user has incorrectly selected a different type of digital certificate (i.e. not the required Digi-Access™ certificate)
       
  403.17 [7]   Access denied. The SSL Client Certificate has expired or is not yet valid
       
      The user's Digi-Access™ certificate has expired and they must request a new one from the Digi-Access™ system
       
       


Customising the Error Pages


How to get the Digi-Access™ DN Codes

Instructions on how to get the unique Digi-Access™ DN Codes

Allow
5 Minutes

For every Digi-Access™ customer, a unique Digi-Access™ RA is activated so that the customer can manage the end users Digi-Access™ certificates. Once the [8]order for your customer has been approved, the Digi-Access™ RA is activated and you are notified automatically.

To complete the server configuration you require the two unique organizationalUnitName [ [9]OU] codes. These are provided automatically in the Digi-Access™ tab of the Digi-CA™ Control Centre (Digi-Access™):



Depending on the level of service you are providing to your customer either you:

1. will have access to the Digi-Access™ RA because you are managing and issuing certificates to the end users; or

2. your customer's Administrator is managing the certificates and therefore you do not have access to the Digi-Access™ RA

In the case where you do not have access the to Digi-Access™ RA, ask your customer's Administrator to provide the organizationalUnitName 1 and organizationalUnitName 2 codes as shown on the Digi-Access™ tab of the Digi-CA™ Control Centre (Digi-Access™)

Source URL: https://www.digi-sign.com/support/digi-access/iis%20errors

Links:
[1] https://www.digi-sign.com/downloads/download.php?id=digi-access-403
[2] http://technet.microsoft.com/nl-nl/library/cc753103(WS.10).aspx
[3] https://www.digi-sign.com/403-7.htm
[4] https://www.digi-sign.com/403-12.htm
[5] https://www.digi-sign.com/403-13.htm
[6] https://www.digi-sign.com/403-16.htm
[7] https://www.digi-sign.com/403-17.htm
[8] https://www.digi-sign.com/arp/ordering
[9] https://www.digi-sign.com/digi-access/configure#ou