|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Client certificatesHi,
I've tried to use makecert to generate a self signed client certificate for testing purposes with: makecert -eku 1.3.6.1.5.5.7.3.2 -n "CN=Manuela" -pe -ss My -r Setup and SSL works fine with Windows Server 2003 and IIS6, the client certificate is installed on the client. However, every time I navigate to the site the IE shows an empty selection box for the client cerficate and I can not access the site. It look like that I haven't connected the certificate with the web site and I don't know how to do it. Many thanks in advance. Marcus I haven't used self signed certificates before but I would assume it is
similar to how other certificates are assigned to sites. Go to the properties of the site and click on the Directory Security tab. Then click the Server Certificate... button. Click Next and choose 'Assign an existing certificate'. When you click Next again, it will give you the list of certificates in the server's Certificate Store. Choose the appropriate certificate and finish going through the wizard. Show quoteHide quote "Marcus Müller" <marcusmuel***@gmx.de> wrote in message news:23008DBC-90AF-4001-B44F-A1F7A6590818@microsoft.com... > Hi, > > I've tried to use makecert to generate a self signed client certificate > for testing purposes with: > > makecert -eku 1.3.6.1.5.5.7.3.2 -n "CN=Manuela" -pe -ss My -r > > Setup and SSL works fine with Windows Server 2003 and IIS6, the client > certificate is installed on the client. > However, every time I navigate to the site the IE shows an empty selection > box for the client cerficate and I can not access the site. > > It look like that I haven't connected the certificate with the web site > and I don't know how to do it. > > Many thanks in advance. > > Marcus Hi,
IIS will present a list of CAs that it trusts, and IE will then show you client authentication certificates that are issued by those trusted CAs. If you have issued a self-signed cert to your client, you will need to install this certificate as a trusted issuer on your IIS server as well. This is in addition to any certificate <-> user mapping that you may need to do. Cheers Ken Show quoteHide quote "Marcus Müller" <marcusmuel***@gmx.de> wrote in message news:23008DBC-90AF-4001-B44F-A1F7A6590818@microsoft.com... > Hi, > > I've tried to use makecert to generate a self signed client certificate > for testing purposes with: > > makecert -eku 1.3.6.1.5.5.7.3.2 -n "CN=Manuela" -pe -ss My -r > > Setup and SSL works fine with Windows Server 2003 and IIS6, the client > certificate is installed on the client. > However, every time I navigate to the site the IE shows an empty selection > box for the client cerficate and I can not access the site. > > It look like that I haven't connected the certificate with the web site > and I don't know how to do it. > > Many thanks in advance. > > Marcus  
Other interesting topics
Re: Q: Digital certificate inventory within network?
Windows Authentication Access Denied Error Web App using integrated Active Directory Authentication Problem processing SSL certificate response. Sharing between server Certificate Types webpage permissions IIS requiring Client "Machine" Certificate... possible? localstart.asp vulnerability Anonymous access |
|||||||||||||||||||||||
