SSLv3 with certificate issued by Intermediate certificae authority

after enabelling SSLv3 (Require client certificate) , the authentication
proccess fails.
I know that while the SSL/TLS Handshake, the server send a
certificateRequest message that prompt the client browser for a valid
certificate.

The CertificateRequest message include only Root CA certificates from the
locale machine store.

I am trying to authenticate to the web server with certificate issued by
Intermediate certificae authority, which the server trust it's root CA
certificate - without a success...

How can I configure the IIS to accept connection with client certificates
issued by the Intermediate certificae authority without the need to add the
Intermediate certificae to the trusted list (which is the basic idea by
building the trust chain)?

thanks.

Re: SSLv3 with certificate issued by Intermediate certificae authority

Just because I trust the Root CA, it does not mean I trust certificates
issued by an intermediate CA...

Cheers
Ken



"TheDudi" wrote in message
news:338677E1-A5D7-4E7D-BC46-D48FDF217233@microsoft.com...
> after enabelling SSLv3 (Require client certificate) , the authentication
> proccess fails.
> I know that while the SSL/TLS Handshake, the server send a
> certificateRequest message that prompt the client browser for a valid
> certificate.
>
> The CertificateRequest message include only Root CA certificates from the
> locale machine store.
>
> I am trying to authenticate to the web server with certificate issued by
> Intermediate certificae authority, which the server trust it's root CA
> certificate - without a success...
>
> How can I configure the IIS to accept connection with client certificates
> issued by the Intermediate certificae authority without the need to add
> the
> Intermediate certificae to the trusted list (which is the basic idea by
> building the trust chain)?
>
> thanks.
>

Re: SSLv3 with certificate issued by Intermediate certificae autho

Isn't it the default idea when the server trust on root CA, it shoud trust by
default on all the issued certificates from that CA?

"Ken Schaefer" wrote:

> Just because I trust the Root CA, it does not mean I trust certificates
> issued by an intermediate CA...
>
> Cheers
> Ken
>
>
>
> "TheDudi" wrote in message
> news:338677E1-A5D7-4E7D-BC46-D48FDF217233@microsoft.com...
> > after enabelling SSLv3 (Require client certificate) , the authentication
> > proccess fails.
> > I know that while the SSL/TLS Handshake, the server send a
> > certificateRequest message that prompt the client browser for a valid
> > certificate.
> >
> > The CertificateRequest message include only Root CA certificates from the
> > locale machine store.
> >
> > I am trying to authenticate to the web server with certificate issued by
> > Intermediate certificae authority, which the server trust it's root CA
> > certificate - without a success...
> >
> > How can I configure the IIS to accept connection with client certificates
> > issued by the Intermediate certificae authority without the need to add
> > the
> > Intermediate certificae to the trusted list (which is the basic idea by
> > building the trust chain)?
> >
> > thanks.
> >
>
>
>

Re: SSLv3 with certificate issued by Intermediate certificae autho

If I trust RootCA, then I trust all certificates signed by RootCA.

That does not automatically mean that I trust all certificates signed by
IntermediateCA.

Cheers
Ken



"TheDudi" wrote in message
news:A8EE7A07-DE6F-4F40-92F7-3D75E9D01BAF@microsoft.com...
> Isn't it the default idea when the server trust on root CA, it shoud trust
> by
> default on all the issued certificates from that CA?
>
> "Ken Schaefer" wrote:
>
>> Just because I trust the Root CA, it does not mean I trust certificates
>> issued by an intermediate CA...
>>
>> Cheers
>> Ken
>>
>>
>>
>> "TheDudi" wrote in message
>> news:338677E1-A5D7-4E7D-BC46-D48FDF217233@microsoft.com...
>> > after enabelling SSLv3 (Require client certificate) , the
>> > authentication
>> > proccess fails.
>> > I know that while the SSL/TLS Handshake, the server send a
>> > certificateRequest message that prompt the client browser for a valid
>> > certificate.
>> >
>> > The CertificateRequest message include only Root CA certificates from
>> > the
>> > locale machine store.
>> >
>> > I am trying to authenticate to the web server with certificate issued
>> > by
>> > Intermediate certificae authority, which the server trust it's root CA
>> > certificate - without a success...
>> >
>> > How can I configure the IIS to accept connection with client
>> > certificates
>> > issued by the Intermediate certificae authority without the need to add
>> > the
>> > Intermediate certificae to the trusted list (which is the basic idea by
>> > building the trust chain)?
>> >
>> > thanks.
>> >
>>
>>
>>

Re: SSLv3 with certificate issued by Intermediate certificae autho

Ok,
So, In order to enable Smart card logon to a windows domain enviernment I
know that i need to update the NTAuth Object with all the issuers
certificates that i want to trust them.
What should i do in my situation, when I want to enable sslv3 authentication
on IIS Server? Should i add to the certificate store all the issuers
certificates that i want to trust on, even then they came from the same Root
CA?

Is there any other solution?

"Ken Schaefer" wrote:

> If I trust RootCA, then I trust all certificates signed by RootCA.
>
> That does not automatically mean that I trust all certificates signed by
> IntermediateCA.
>
> Cheers
> Ken
>
>
>
> "TheDudi" wrote in message
> news:A8EE7A07-DE6F-4F40-92F7-3D75E9D01BAF@microsoft.com...
> > Isn't it the default idea when the server trust on root CA, it shoud trust
> > by
> > default on all the issued certificates from that CA?
> >
> > "Ken Schaefer" wrote:
> >
> >> Just because I trust the Root CA, it does not mean I trust certificates
> >> issued by an intermediate CA...
> >>
> >> Cheers
> >> Ken
> >>
> >>
> >>
> >> "TheDudi" wrote in message
> >> news:338677E1-A5D7-4E7D-BC46-D48FDF217233@microsoft.com...
> >> > after enabelling SSLv3 (Require client certificate) , the
> >> > authentication
> >> > proccess fails.
> >> > I know that while the SSL/TLS Handshake, the server send a
> >> > certificateRequest message that prompt the client browser for a valid
> >> > certificate.
> >> >
> >> > The CertificateRequest message include only Root CA certificates from
> >> > the
> >> > locale machine store.
> >> >
> >> > I am trying to authenticate to the web server with certificate issued
> >> > by
> >> > Intermediate certificae authority, which the server trust it's root CA
> >> > certificate - without a success...
> >> >
> >> > How can I configure the IIS to accept connection with client
> >> > certificates
> >> > issued by the Intermediate certificae authority without the need to add
> >> > the
> >> > Intermediate certificae to the trusted list (which is the basic idea by
> >> > building the trust chain)?
> >> >
> >> > thanks.
> >> >
> >>
> >>
> >>
>
>
>

Re: SSLv3 with certificate issued by Intermediate certificae autho

"TheDudi" wrote in message
news:CE1FDE86-9048-415B-916B-DADE21B41A04@microsoft.com...
> Ok,
> So, In order to enable Smart card logon to a windows domain enviernment I
> know that i need to update the NTAuth Object with all the issuers
> certificates that i want to trust them.
> What should i do in my situation, when I want to enable sslv3
> authentication
> on IIS Server? Should i add to the certificate store all the issuers
> certificates that i want to trust on, even then they came from the same
> Root
> CA?

Correct

Cheers
Ken


>
> Is there any other solution?
>
> "Ken Schaefer" wrote:
>
>> If I trust RootCA, then I trust all certificates signed by RootCA.
>>
>> That does not automatically mean that I trust all certificates signed by
>> IntermediateCA.
>>
>> Cheers
>> Ken
>>
>>
>>
>> "TheDudi" wrote in message
>> news:A8EE7A07-DE6F-4F40-92F7-3D75E9D01BAF@microsoft.com...
>> > Isn't it the default idea when the server trust on root CA, it shoud
>> > trust
>> > by
>> > default on all the issued certificates from that CA?
>> >
>> > "Ken Schaefer" wrote:
>> >
>> >> Just because I trust the Root CA, it does not mean I trust
>> >> certificates
>> >> issued by an intermediate CA...
>> >>
>> >> Cheers
>> >> Ken
>> >>
>> >>
>> >>
>> >> "TheDudi" wrote in message
>> >> news:338677E1-A5D7-4E7D-BC46-D48FDF217233@microsoft.com...
>> >> > after enabelling SSLv3 (Require client certificate) , the
>> >> > authentication
>> >> > proccess fails.
>> >> > I know that while the SSL/TLS Handshake, the server send a
>> >> > certificateRequest message that prompt the client browser for a
>> >> > valid
>> >> > certificate.
>> >> >
>> >> > The CertificateRequest message include only Root CA certificates
>> >> > from
>> >> > the
>> >> > locale machine store.
>> >> >
>> >> > I am trying to authenticate to the web server with certificate
>> >> > issued
>> >> > by
>> >> > Intermediate certificae authority, which the server trust it's root
>> >> > CA
>> >> > certificate - without a success...
>> >> >
>> >> > How can I configure the IIS to accept connection with client
>> >> > certificates
>> >> > issued by the Intermediate certificae authority without the need to
>> >> > add
>> >> > the
>> >> > Intermediate certificae to the trusted list (which is the basic idea
>> >> > by
>> >> > building the trust chain)?
>> >> >
>> >> > thanks.
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>