IIS 7.0: Why does Require Client Certificates cause error 500 and “page cannot be displayed”

certificateiis-7

I have two Windows 2008 x86 servers running IIS 7.0, one site on each server; both sites are SSL-enabled, using DoD-issued certificates. Both sites are accessible via https over port 443, but fail the moment Client Certificates are set to Require or Accept. IIS log records error 500.0.64 but nothing else.

I have several Windows 2008 IIS 7 x64 servers that require client certificates and they are working as expected; it's just the two x86 servers that are being problematic.

Best Answer

The solution can be found here and is related to MS KB977377. The choices are

Remove MS update KB977377

Change the vlaue of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnServer to 0

Related Solutions

Iis – “Unable to connect to remote server fail” in HttpWebRequest

You're probably hitting a MaxConnection issue. Take a look at chapter 10 of Improving .NET Application Performance and Scalability, specifically this section on Connections.

You might need to add a section in the machine.config like this:

<connectionManagement>
  <add address="*" maxconnection="12"/>
</connectionManagement>

Which is detailed in the MSDN Library.

Ssl – Run 2 seperate IIS sites, with seperate SSL certificates on same server

To my knowlege not possible due to security constraints - you need two ip addresses. IIS tries to fowward the request to the proper sub-instance BEFORE decoding it, and it can thus not evaluate the host header via https.

So, for SSL you need multiple ip addresses.

Best Answer

Related Solutions

Iis – “Unable to connect to remote server fail” in HttpWebRequest

Ssl – Run 2 seperate IIS sites, with seperate SSL certificates on same server

Related Topic