Setup IIS with Client Certificates

Setup IIS with Client Certificates

am 30.08.2006 14:21:35 von Yvonne.Lebhardt

Hello,

I'm doing tests on IIS6 with client certificates. What I wan't to
realize is, that users must have a valid client certificate for
accessing a website.

There are 3 machines involved:
IIS (2003 standard server with IIS, isolated - no domain member)
CS ( 2003 standard server with certificate services
XP (Windows XP Client)

Here is what I've actaully done:
- created a web site (IIS)
- created a ssl certificate with selfssl (IIS)
- activated ssl for a virtual directory of the website (IIS)
- installed certificate services (CS)
- accessed http://m2/certsrv and requested a user certificate (XP)
- build the user certificate (CS)
- installed the user certificate (XP)
- added the CA (CS) to the trusted CAs on XP

The client certificate is now shown as valid on XP for Filesystem
encryption, E-Mail, Clientauthentication.

On IIS I did the follwing
- added the CA (CS) to the trusted CAs on IIS
- installed the user certificate of XP (Its under Other Persons now)
- activated client certificates in IIS and created a link from the
certificate to local admin for testing purposes.

Now what happens if I try to reach the virtual directory is:

HTTP Error 403.7 - Forbidden: SSL client certificate is required.

What am I doing wrong? O.K. i don't use any certificates of default
trusted CAs but I guess a test should work with simple self generated
certificates. Must there be any connection between the certificate
server and the server with IIS - do they have to be in the same domain?


Please help me with this

Yvonne




The Clien

Re: Setup IIS with Client Certificates

am 31.08.2006 10:45:35 von Jerry

Hello,
How to accessing website? can you see a client certificate in IE?

--
Jerry
????
news:1156940495.104005.113470@h48g2000cwc.googlegroups.com.. .
> Hello,
>
> I'm doing tests on IIS6 with client certificates. What I wan't to
> realize is, that users must have a valid client certificate for
> accessing a website.
>
> There are 3 machines involved:
> IIS (2003 standard server with IIS, isolated - no domain member)
> CS ( 2003 standard server with certificate services
> XP (Windows XP Client)
>
> Here is what I've actaully done:
> - created a web site (IIS)
> - created a ssl certificate with selfssl (IIS)
> - activated ssl for a virtual directory of the website (IIS)
> - installed certificate services (CS)
> - accessed http://m2/certsrv and requested a user certificate (XP)
> - build the user certificate (CS)
> - installed the user certificate (XP)
> - added the CA (CS) to the trusted CAs on XP
>
> The client certificate is now shown as valid on XP for Filesystem
> encryption, E-Mail, Clientauthentication.
>
> On IIS I did the follwing
> - added the CA (CS) to the trusted CAs on IIS
> - installed the user certificate of XP (Its under Other Persons now)
> - activated client certificates in IIS and created a link from the
> certificate to local admin for testing purposes.
>
> Now what happens if I try to reach the virtual directory is:
>
> HTTP Error 403.7 - Forbidden: SSL client certificate is required.
>
> What am I doing wrong? O.K. i don't use any certificates of default
> trusted CAs but I guess a test should work with simple self generated
> certificates. Must there be any connection between the certificate
> server and the server with IIS - do they have to be in the same domain?
>
>
> Please help me with this
>
> Yvonne
>
>
>
>
> The Clien
>