Could be a cert trust issue:
https://stackoverflow.com/questions/26247462/http-error-403-16-client-certificate-trust-issue
Good day,
I was setting up CBA for ActiveSync and OWA on Exchange on-premises 2019, following this guide https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/configure-certificate-based-auth?view=exchserver-2019 in my test environment.
Everything went smoothly, but when I check the OWA or ActiveSync virtual directory to require a client certificate, connect through the browser and get prompted to choose a user certificate, I get error 403 "You don't have the user rights to view this page." Without the virtual directory set to require a client certificate, everything works great.
Here is the log of the 403 in IIS: 2025-01-15 09:15:24 ::1 GET /OWA/auth.owa &encoding=; 443 - ::1 AMProbe/Local/ClientAccess - 403 7 5 19.
For the CA I am using an AD CA installed on the domain controller, and for certificate issuance to users I use a copy of the User template and autoenrollment. A picture of the user certificate is attached.
The server certificate is generated on an offline Linux server CA, and this CA is trusted in the domain. I really have no idea what else to do to make CBA work, maybe somebody can give some more suggestions???
certif.PNG
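Added example, not written by any participant in this thread: a small Python triage script for IIS W3C log lines like the one quoted in the question. It maps the 403 substatus to its client-certificate meaning and marks requests whose client address is loopback, so server-local requests are not mistaken for a user's browser or device; the default field order and the second sample line are assumptions.

```python
import ipaddress

# Default IIS W3C field order, assumed when the excerpt has no "#Fields:" line.
DEFAULT_FIELDS = (
    "date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
    "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken"
).split()
# IIS 403 substatus codes that concern client certificates.
CERT_403 = {
    7: "client certificate required (none was presented)",
    12: "certificate mapper denied access",
    13: "client certificate revoked",
    16: "client certificate untrusted or invalid",
    17: "client certificate expired or not yet valid",
}

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "-" or an unparsable value
        return False

def triage(lines):
    """Return one finding per 403 that IIS attributes to client-certificate handling."""
    fields, findings = DEFAULT_FIELDS, []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # honour the log's own layout
            continue
        values = line.split()
        if not line or line.startswith("#") or len(values) != len(fields):
            continue  # directive, blank, or truncated line
        rec = dict(zip(fields, values))
        sub = rec.get("sc-substatus", "")
        if rec.get("sc-status") != "403" or not sub.isdigit() or int(sub) not in CERT_403:
            continue
        findings.append({
            "uri": rec.get("cs-uri-stem", "-"),
            "code": f"403.{int(sub)}",
            "meaning": CERT_403[int(sub)],
            # True means the request originated on the server itself.
            "loopback": is_loopback(rec.get("c-ip", "-")),
        })
    return findings

SAMPLE = [  # line 1 is quoted from the question; line 2 is constructed for contrast
    "2025-01-15 09:15:24 ::1 GET /OWA/auth.owa &encoding=; 443 - ::1 AMProbe/Local/ClientAccess - 403 7 5 19",
    "2025-01-15 09:16:02 10.0.0.5 GET /owa/ - 443 - 10.0.0.23 Mozilla/5.0 - 403 16 2148204809 31",
]
```

Run over the sample, the quoted line decodes to 403.7 from a loopback client, while the constructed line shows what a 403.16 from a remote client looks like.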
Hi @Evald Gruzdev,
Welcome to the Microsoft Q&A platform!
Based on your description, you have completed many settings correctly, but the 403 error indicates that there may be a problem with the client certificate authentication configuration. There are several things you can check and try:
Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.
Best,
Jake Zhang
Hi @Evald Gruzdev,
Based on your description, you managed to get OWA to work with certificates on both the PC and iPhone. For ActiveSync issues, here are some additional suggestions that may help you resolve 403 errors:
Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.
Best,
Jake Zhang