|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Setup IIS with Client CertificatesI'm doing tests on IIS6 with client certificates. What I wan't to realize is, that users must have a valid client certificate for accessing a website. There are 3 machines involved: IIS (2003 standard server with IIS, isolated - no domain member) CS ( 2003 standard server with certificate services XP (Windows XP Client) Here is what I've actaully done: - created a web site (IIS) - created a ssl certificate with selfssl (IIS) - activated ssl for a virtual directory of the website (IIS) - installed certificate services (CS) - accessed http://m2/certsrv and requested a user certificate (XP) - build the user certificate (CS) - installed the user certificate (XP) - added the CA (CS) to the trusted CAs on XP The client certificate is now shown as valid on XP for Filesystem encryption, E-Mail, Clientauthentication. On IIS I did the follwing - added the CA (CS) to the trusted CAs on IIS - installed the user certificate of XP (Its under Other Persons now) - activated client certificates in IIS and created a link from the certificate to local admin for testing purposes. Now what happens if I try to reach the virtual directory is: HTTP Error 403.7 - Forbidden: SSL client certificate is required. What am I doing wrong? O.K. i don't use any certificates of default trusted CAs but I guess a test should work with simple self generated certificates. Must there be any connection between the certificate server and the server with IIS - do they have to be in the same domain? Please help me with this Yvonne The Clien Hello,
How to accessing website? can you see a client certificate in IE? -- Show quoteHide quoteJerry <Yvonne.Lebha***@habmalnefrage.de> ???? news:1156940495.104005.113470@h48g2000cwc.googlegroups.com... > Hello, > > I'm doing tests on IIS6 with client certificates. What I wan't to > realize is, that users must have a valid client certificate for > accessing a website. > > There are 3 machines involved: > IIS (2003 standard server with IIS, isolated - no domain member) > CS ( 2003 standard server with certificate services > XP (Windows XP Client) > > Here is what I've actaully done: > - created a web site (IIS) > - created a ssl certificate with selfssl (IIS) > - activated ssl for a virtual directory of the website (IIS) > - installed certificate services (CS) > - accessed http://m2/certsrv and requested a user certificate (XP) > - build the user certificate (CS) > - installed the user certificate (XP) > - added the CA (CS) to the trusted CAs on XP > > The client certificate is now shown as valid on XP for Filesystem > encryption, E-Mail, Clientauthentication. > > On IIS I did the follwing > - added the CA (CS) to the trusted CAs on IIS > - installed the user certificate of XP (Its under Other Persons now) > - activated client certificates in IIS and created a link from the > certificate to local admin for testing purposes. > > Now what happens if I try to reach the virtual directory is: > > HTTP Error 403.7 - Forbidden: SSL client certificate is required. > > What am I doing wrong? O.K. i don't use any certificates of default > trusted CAs but I guess a test should work with simple self generated > certificates. Must there be any connection between the certificate > server and the server with IIS - do they have to be in the same domain? > > > Please help me with this > > Yvonne > > > > > The Clien > 
Other interesting topics
IIS 6 Question: How to Publish from FrontPage 2003
Intranet Security IIS Failover and CLustering or Virtual Server TEchnology? IIS FTP server authentication via Kerberos remove users from ftp site server certificate from cert service Security on inetpub/wwwroot Should ADFS be implemented when... IIS Newbie question How to Combine Anonymous IUSR and Integrated Windows on one site |
|||||||||||||||||||||||
