This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
After configuring Client Certificate Authentication for XMS but the Client Certificate Request on the both the XMS and Issuing Server is returning a HTTP Response 403 Frobidden
com.zenprise.zdm.pki.spi.IssuingServiceException: Could not sign CSR
at com.zenprise.zdm.pki.internal.util.AbstractIssuingAdapter.issueDirect(AbstractIssuingAdapter.java:147)
at com.zenprise.zdm.pki.internal.util.AbstractIssuingAdapter.issueCredential(AbstractIssuingAdapter.java:92)
at com.citrix.cdg.CommonDeviceGatewayBiz.getAgUserAuthCredential(CommonDeviceGatewayBiz.java:195)
Caused by: com.sparus.nps.pki.CertificateSigningException: Could not sign certificate
at com.zenprise.zdm.pki.util.MsCertSrvSigningService.signRequest(MsCertSrvSigningService.java:107)
at com.zenprise.zdm.pki.util.CredentialCaFactory$CredentialCa.sign(CredentialCaFactory.java:204)
at com.zenprise.zdm.pki.internal.util.AbstractIssuingAdapter.issueDirect(AbstractIssuingAdapter.java:137)
Caused by: java.io.IOException: Cannot obtain certificate from certsrv authority: 403 Forbidden
at com.sparus.nps.pki.connector.MsCertSrvConnector.generateClientIdentity0(MsCertSrvConnector.java:252)
at com.sparus.nps.pki.connector.MsCertSrvConnector.generateClientIdentity(MsCertSrvConnector.java:207)
at com.zenprise.zdm.pki.util.MsCertSrvSigningService.signRequest(MsCertSrvSigningService.java:90)
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hello عبدالله محمد ابراهيم
Thank you for posting on the Microsoft Community Forums.
Based on the description, I understand that your issue is related to XMS.
XMS belongs to Citrix, please contact Citrix to resolve your problem.
Kind regards,
Lei