Personal SSL Certs do not show up in IE

on 07.02.2006 19:07:28 by frank

Hello guys, I hope someone can help me.

We currently have our own CA (Certificate Authority) in the company. I am
trying to make it so only personal Certs issued from our CA can access our
site. I have been able to achieve this partially. Currently our IIS 5.0 (Win
2000) server will only allow users in, if they have a Trusted Personal Cert
(Thawte, Verisign, etc). I realized that by using the CTL (Cert Trust List)
option in IIS I can achieve what I want. So I added our CA to the CTL on the
IIS server. Everything logically makes sense. Now I went to a client machine
to test everything out from issuing a client cert from our CA and installing
it on IE. The client cert installed successfully and I can see it in my IE
(Tools -> Internet Options -> Content -> Certificates) in my Personal Tab I
see my Personal Cert I just installed. Now I go to my SSL site, and a prompt
box comes up, but I do not see my personal Cert I just issued myself. Why is
it that I can see the personal cert in the IE properties, yet when I go to a
site that needs it, it doesn't give me an option to choose this cert?

I checked my IIS server to see if our CA was in the Trusted Root CA and it
is there. Expires in 2017. I also checked to see if our CA was in my local
computer (workstation) Trusted Root CA and it is there as well.

Am I doing something wrong? Please help! Thanks

-Frank

RE: Personal SSL Certs do not show up in IE

on 07.02.2006 19:38:29 by frank

OK fixed the problem. The IIS server did not have the CA Root Cert in the
Trusted CA store. But now I have another problem. I will repost.

"Frank" wrote:

> Hello guys, I hope someone can help me.
>
> We currently have our own CA (Certificate Authority) in the company. I am
> trying to make it so only personal Certs issued from our CA can access our
> site. I have been able to achieve this partially. Currently our IIS 5.0 (Win
> 2000) server will only allow users in, if they have a Trusted Personal Cert
> (Thawte, Verisign, etc). I realized that by using the CTL (Cert Trust List)
> option in IIS I can achieve what I want. So I added our CA to the CTL on the
> IIS server. Everything logically makes sense. Now I went to a client machine
> to test everything out from issuing a client cert from our CA and installing
> it on IE. The client cert installed successfully and I can see it in my IE
> (Tools -> Internet Options -> Content -> Certificates) in my Personal Tab I
> see my Personal Cert I just installed. Now I go to my SSL site, and a prompt
> box comes up, but I do not see my personal Cert I just issued myself. Why is
> it that I can see the personal cert in the IE properties, yet when I go to a
> site that needs it, it doesn't give me an option to choose this cert?
>
> I checked my IIS server to see if our CA was in the Trusted Root CA and it
> is there. Expires in 2017. I also checked to see if our CA was in my local
> computer (workstation) Trusted Root CA and it is there as well.
>
> Am I doing something wrong? Please help! Thanks
>
> -Frank
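
Added example, not part of the thread: when a server requests a client certificate it sends a list of acceptable CA names, and a browser typically offers only certificates that chain to one of them, so a CA missing from that list produces the empty prompt described above. The Python below parses the "Acceptable client certificate CA names" section of `openssl s_client` output and checks whether a certificate's direct issuer is advertised; the sample output and all DNs are constructed, and the helper names are hypothetical.

```python
import re

# Constructed sample of `openssl s_client -connect host:443` output (not from the thread).
SAMPLE = """\
---
Acceptable client certificate CA names
/C=US/O=Example Corp/CN=Example Corp Internal CA
C = ZA, O = Example Public CA Ltd, CN = Example Public Personal CA
Client Certificate Types: RSA sign, DSA sign
---
"""

HEADER = "Acceptable client certificate CA names"
NONE_SENT = "No client certificate CA names sent"
# Lines that end the CA-name list in s_client output.
END = re.compile(r"^(---|Client Certificate Types|Requested Signature Algorithms|"
                 r"Shared Requested Signature Algorithms|Server Temp Key|Peer signing)")

def normalize_dn(dn):
    """Reduce '/C=US/O=X/CN=Y' and 'C = US, O = X, CN = Y' to one comparable form.
    Simplification: assumes attribute values contain no '/' or ', KEY=' sequences."""
    dn = dn.strip()
    if dn.startswith("/"):
        parts = dn.split("/")[1:]
    else:
        parts = re.split(r",\s*(?=[A-Za-z.0-9]+\s*=)", dn)
    rdns = []
    for part in parts:
        key, _, value = part.partition("=")
        rdns.append((key.strip().upper(), value.strip().lower()))
    return tuple(rdns)

def acceptable_cas(s_client_output):
    """Return normalized CA DNs the server advertised; empty list if none were sent."""
    names, collecting = [], False
    for line in s_client_output.splitlines():
        if line.startswith(NONE_SENT):
            return []
        if line.startswith(HEADER):
            collecting = True
        elif collecting:
            if END.match(line) or not line.strip():
                break
            names.append(normalize_dn(line))
    return names

def issuer_offered(issuer_dn, s_client_output):
    """True if the client cert's direct issuer DN is in the server's advertised list."""
    return normalize_dn(issuer_dn) in acceptable_cas(s_client_output)
```

The issuer DN to compare can be read with `openssl x509 -noout -issuer -in client.pem`; certificates issued by an intermediate CA need the same check repeated for each CA in their chain.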