
Issue 923273


Issue metadata

Status: Unconfirmed
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




Cannot authenticate against Microsoft IIS Server with user smartcard certificate using Google Chrome

Reported by urmas.va...@eesti.ee, Jan 18 (4 days ago)

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce the problem:
1. Open IIS https website in Chrome.
2. Select user smartcard certificate for two way SSL.
3. Enter user smartcard PIN.

What is the expected behavior?
Open web page.

What went wrong?
This site can’t be reached The connection was reset.
Try:

Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_RESET

Did this work before? N/A 

Chrome version: 71.0.3578.98  Channel: stable
OS Version: 10.0
Flash Version: 

All other tested browsers (IE, Edge, Firefox, Safari (Windows)) work fine with the same configuration.

The Windows IIS server is not accessible: we get an error during TLS negotiation after entering the smart card PIN. In the Schannel log we can find event 36888: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal alert code is 40.

One-way SSL to the IIS site works fine; the problem seems to be with the user certificate and Chrome.

In the Chrome network log (attached) we can find socket errors:
1) --> net_error = -110 (ERR_SSL_CLIENT_AUTH_CERT_NEEDED)
2) --> net_error = -101 (ERR_CONNECTION_RESET)
 
Chrome, Server side - ERROR.pcapng (200 KB)
Chrome, Client side - ERROR.pcapng (267 KB)
chrome-net-export-log.json (329 KB)

Comment 1 by jdeblasio@chromium.org, Jan 18 (4 days ago)

Components: Security Internals>Network>SSL
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
This isn't a security bug (and may be a feature request), so I'm adding it to be triaged through the normal process.

Comment 2 by rsleevi@chromium.org, Jan 18 (4 days ago)

Components: -Security
Can you provide a NetLog from Chrome Canary - https://www.google.com/chrome/canary/ ?

Comment 3 by rsleevi@chromium.org, Jan 18 (4 days ago)

Labels: Needs-Feedback

Comment 4 by urmas.va...@eesti.ee, Jan 19 (3 days ago)

NetLog from Chrome Canary attached, thanks!
chrome-net-export-log.json (184 KB)

Comment 5 by sheriffbot@chromium.org, Jan 19 (3 days ago)

Cc: rsleevi@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by susan.boorgula@chromium.org, Jan 20 (2 days ago)

Labels: Needs-Triage-M71

Comment 7 by atgard...@gmail.com, Yesterday (39 hours ago)

I think I had the same bug, with the same error messages of ERR_CONNECTION_RESET whenever I tried navigating to Twitter (and other websites as well).
It seems the latest Canary build of 73.0.3679.0 has solved the issue, and it is not working well for me.

Comment 8 Deleted

Comment 9 by urmas.va...@eesti.ee, Today (22 hours ago)

I have the same error with Canary build 73.0.3679.0.
I also have to mention we have 2 different sets of smartcards and the problem is only with the new set.

Comment 10 by atgard...@gmail.com, Today (18 hours ago)

Sorry for my previous comment - "it *is* working well for me."

Comment 11 by rsleevi@chromium.org, Today (14 hours ago)

Labels: Needs-Feedback
atgardner: Are you using a smart card with Twitter? If not, it's not the same bug :)

re Comment #9: Can you please provide a NetLog from a working and non-working card, then?

Comment 12 by atgard...@gmail.com, Today (13 hours ago)

I apologize for hogging your bug.
All I know was that yesterday morning I couldn't browse to twitter.com, and other sites as well. Looking at the console, I saw many ERR_CONNECTION_RESET errors.
Browsing at the exact same time from a Chrome dev install, and from IE and Edge, the network seemed to have worked just fine.
Searching in the issue database here, I saw this recent bug mentioning ERR_CONNECTION_RESET. I should have checked it more closely before declaring it's working. Sorry again.

Comment 13 by davidben@chromium.org, Today (11 hours ago)

If you're still having issues, please file a separate ticket and provide a NetLog as requested in comment #11. ERR_CONNECTION_RESET can mean many things. Let's keep this one for just the smartcard issue.
