Access Denied

You have been denied access due to one of the following reasons:

  • You do not have a valid certificate issued from this CA loaded in your browser
    (Some pages e.g. 'Request a Host Certificate' require you have a valid user certificate loaded into your browser)
  • Your certificate has expired
  • Your certificate does not grant you sufficient rights to access the resource
    (Some pages e.g. 'RAOP Home' require a valid RA operator certificate)

If you have loaded your certificate into your browser, you may need to refresh the SSL context by restarting the browser (before you restart the browser close the tab first, then restart). On restart, you should be prompted to select your certificate.



Known Issues


Chrome If you are sure you have loaded your certificate into your browser, you may need to restart Chrome so that you are (re)prompted to select your certificate. Note, by default Chrome does not shut down and runs in the background when you close the Chrome window. You may need to fully close Chrome by un-checking the 'Continue running background apps' checkbox in 'Settings | Show Advanced Settings':

chome settings

Firefox If after loading multiple certificates into your browser you are not prompted with a choice when accessing the portal, please close the tab(s) open to the portal, clear your recent browser cache as detailed below and then restart your browser:

ff settings 1

ff settings 2

Note that you may also need 'Ask me every time' enabled to ensure the correct certificate is in use, found in the Advanced tab of Firefox Options (under 'Certificates'):

ff prompt

Safari If you have a client certificate in your Safari keychain, including certificates not issued from the UK CA, then Safari always (wrongly) insists the user selects a certificate (cancelling leads to denied page). This is because Safari wrongly treats clientAuth="want" (i.e. optional) as clientAuth="Required": See Bug & Bug.

Additionally, Safari 'remembers' SSL certificate choice and will not prompt again after selection. See Here.

--Workaround--:
Use another browser, remove certificates from keychain, or select suitable UK CA client certificate.
Can manually assign a certificate from the keychain as Here.