We Keep Coding

403 - forbidden access is denied. IIS

I have hosted a site in IIS (Version 10.0.16299) on windows 10.
My site running under SSL required. When my site running with SSL required I am getting error
403 - Forbidden: Access is denied.
But when I disable required SSL, I am not receiving this kind of error everything is working fine.
But in my case, it is a must to use a required SSL connection.
The IIS hosted site is a simple directory browsing site.
How can I use it with the required SSL?
And I have attached the Trace root are in the below link.
Failed Trace root file

I reviewed your FRT log and the error message is 403.7-Client certificate required.
It is obviously that you are Setting Client certificates to required. If you don't need client certificate authentication for your web application, then Require is not required.
If you just want to enable SSL for your https site,Check Require SSL and set client certificate to ignore is enough.
Please keep in mind that you need to Set Client Certificates to required only when your web app require to pass client certificate from client side

It's a certification related issue we observed and resolved when installed the right certificate in the trusted root.

Configuration need to change on IIS
Occurrence of 403 is not only particular instance, it's IIS configuration part, in most case you can resolve from IIS it's self, there might be some restriction level in IIS setting, you can check on IIS where your site hosted, find IP Address and Domain Restrictions option and check there will an entry to allow specif IP address, we need to update that entry by checking Edit Feature Settings... enter image description here then need to select Access for unspecified clients: earlier may be Deny instead of this we need to allow enter image description here. after those changes, your url available to access if you have same issue which I described.

Cannot access ADFS end point /adfs/ls/

I set up an ADFS environment Windows Server 2012 R2 by the following steps:
creating a certificate file;
Install ADFS through Server management;
Configure ADFS with the certificate file created in #1
the above 3 steps runs successfully but I cannot access the endpoint https://[DomainControllerName]/adfs/ls. Sometimes it shows 503 error page and sometimes it just says "the webpage is not available".
Does anyone encounter the similar problem? Please help. Really appreciated!

That's not a valid endpoint.
ADFS is expecting protocol parameters after that.
Try the metadata endpoint:
https://myserver.domain.com/FederationMetadata/2007-06/FederationMetadata.xml

HTTPS communication in ServiceFabric Local Cluster

Here's my setup
an IdentityServer 4 as a stateless reliable ASP.NET Core service.
a WebAPI as a reliable ASP.NET Core service.
using them with a JS client, it is now working with HTTP. The problem is with HTTPS. The WebAPI needs to request the openID config via htttps [is4URL].well-known/openid-configuration. I'm getting this error
System.InvalidOperationException: IDX10803: Unable to obtain
configuration from:
'https://localhost:9999/.well-known/openid-configuration'. --->
System.IO.IOException: IDX10804: Unable to retrieve document from:
'https://localhost:9999/.well-known/openid-configuration'. --->
System.Net.Http.HttpRequestException: An error occurred while sending
the request. ---> System.Net.WebException: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS
secure channel. --->
System.Security.Authentication.AuthenticationException: The remote
certificate is invalid according to the validation procedure.
can anybody help me to make this work in localhost with the SF Local Cluster Manager?
Thanks

Here's my two cents worth but it will need to be verified...
I am assuming that you have created a self-signed certificate using following article or similar but the certificate has same properties.
https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate
This means that the certificate can not be verified via actual CA. Ofcourse with self-signed certificate this is not possible.
Now when you upload the certificate to Azure App Service it installs in CurrentUser - MyStore. With self-signed certificate, it also needs to be installed in LocalMachine Root store.
This is becouse then the machine's Certificate Authority can verify that certificate to be valid. (May be a security expert can correct me if I am wrong but thats my theory). I have got same setup on my locally hosted windows server where the self-signed certificate is installed in Root Certificate Store as well as Personal store and the app works. This is the reason I belive this happens.
So this part which needs to be verified. Following is the article which shows you how you can do this in Azure App service.
https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-configure-ssl-certificate-portal
AGAIN THIS IS JUST A THEORY THIS NEEDS TO BE VERIFIED. :)
EDIT:
I have just tested this and it is the case. In cloud services you can do as shown in second link above and create Web Job which install certificate in appropriate store.
For Azure App Service unfortunaltly you dont have access to root store. It has to be install in CurrentUser's personal store. Which means the self signed certificate will not work, and you have to purchase a real certificate. :( I think this is a real thumb down to Microsoft. Why should I need to pay for real certificate for my dev/test environment? (Rant Over)
For Service Fabric you will need to find out how to install certificate in Root Store as well as personal store (if thats possible at all). Here's Links that might be useful
http://ronaldwildenberg.com/running-an-azure-service-fabric-cluster-locally-on-ssl/
https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-security-update-certs-azure
Hope this helps.

WCF : Could not establish trust relationship for the SSL/TLS secure channel with authority error

I have a client site that when a button is clicked it calls a wcf web service. The client site is http, while the url for the web service is https and requires a certificate. I have a valid signed private key certificate I am using.
Everything works fine on my localhost; however, after deploying to a windows 2003 server running iis 6, I get the below error when the web service is called:
Could not establish trust relationship for the SSL/TLS secure channel
with authority "host's url"
I added the cert to the store, using same web.config that works locally. I have validated that the web service call finds and sets the valid X509Certificate.
Not sure what I am missing, and I don't want to override the servicepiont manager to return true every time.
Any ideas or things I might looks into?

Found the problem.
The root certificate which the host of the web service uses was not trusted by my server. (not sure why it was on my local machine and not my server). I found this out by opening the host's url in a web browser from the server to view their wsdl and got the security warning.
Remedy: went to the issuer's site downloaded their root cert and added to my trusted root certifcation authorities.
Bam, it works now.

If it is a private cert it must be added to both the client and the server as no client can validate its root key.

SSL client Certificate windows

I need to make my iis authentication via client certificate offline. My iis don't have online enrollment. It need to be done offline. I configured SSL in IIS. I managed to create csr file locally manually and sent to CA enrollment server i was able to issue certificate. I exported cer and imported in my client machine but while accessing iis application it is not using my certificate i am getting "HTTP Error 403.7 - Forbidden: SSL client certificate is required." how to solve it. Can somebody help me with step by procedures. thanks.

Check in IIS.
Go to Website->SSL Settings
Do accept it in place of require and it will work for you.