Ssl 临时HTTP 403.16禁止的错误-IIS_Ssl_Iis_Ssl Certificate_X509certificate_Windows Container

Ssl 临时HTTP 403.16禁止的错误-IIS

ssl iis

Ssl 临时HTTP 403.16禁止的错误-IIS,ssl,iis,ssl-certificate,x509certificate,windows-container,Ssl,Iis,Ssl Certificate,X509certificate,Windows Container,我有一个运行在Docker中的IIS站点（mcr.microsoft.com/windows/servercore/IIS:windowsservercore-ltsc2016），在它运行的前5分钟，我收到一个403.16禁止的错误。然后，该网站工作良好。我的安装脚本中的相关行包括： # Install and Configure US DoD InstallRoot, IIS ARR and HTTP Tracing Set-ExecutionPolicy Bypass -Scope Proc

我有一个运行在Docker中的IIS站点（mcr.microsoft.com/windows/servercore/IIS:windowsservercore-ltsc2016），在它运行的前5分钟，我收到一个403.16禁止的错误。然后，该网站工作良好。我的安装脚本中的相关行包括：

# Install and Configure US DoD InstallRoot, IIS ARR and HTTP Tracing
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install installroot -y
choco install iis-arr -y
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.webServer/proxy' -Name 'enabled' -Value 'True'
Add-WindowsFeature Web-Http-Tracing

#Create and Configure IIS Site
Remove-Website -Name 'Default Web Site'
$iisTheBridgePath = 'C:\inetpub\the-bridge'
New-Item -ItemType Directory -Force -Path $iisTheBridgePath
New-Website -Name 'TheBridge' -PhysicalPath $iisTheBridgePath
# https://github.com/microsoft/iis-docker/issues/67
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.enabled:True" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.maxLogFiles:50" /commit:apphost
C:\Windows\System32\inetsrv\appcmd set config -section:system.applicationHost/sites "/[name='TheBridge'].traceFailedRequestsLogging.directory:C:\inetpub\logs\FailedReqLogFiles" /commit:apphost
New-WebBinding -Name 'TheBridge' -IPAddress * -Port 443 -Protocol https
$cert = New-SelfSignedCertificate -DnsName 'localhost' -CertStoreLocation cert:\LocalMachine\My
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item 'IIS:\SSLBindings\0.0.0.0!443' # Attach the certificate to the SSL binding
Import-Module IISAdministration
$configSection = Get-IISConfigSection -SectionPath 'system.webServer/security/access' -Location 'TheBridge'
Set-IISConfigAttributeValue -AttributeName sslFlags -AttributeValue 'Ssl, SslNegotiateCert, SslRequireCert' -ConfigElement $configSection

有什么想法吗？

什么样的客户端证书用于测试？这应该会给你一些额外的提示。@LexLi，美国国防部CAC so X.509证书。