locked
Web service two-way SSL authentication RRS feed

  • Question

  • User195343576 posted

    I have a webservice working  with ssl I have an authorized certificate on the server and everything works good. I wan't the ssl connection to "Require client side certificate". Do I need to take the same certificate that I installed on the server and install on the client? I did some test took the same certificate and installed it on the clien in in local computer -> personal -> certificates but still get "HTTP Error 403.7 - Forbidden: SSL client certificate is required." when trying to access the webservice. I know installing the same certificate on both the server and the client seems completly wrong but after doing research am still not sure what the next step is...

    Help is much appreciated..

    Alex

    Friday, January 18, 2013 8:55 AM

Answers

All replies

  • User-1000095884 posted

    Hi,

    For this issue, I'd suggest you take a look at a blog below that demonstrate how do a mutual SSl authenticatiojn.

    #An Introduction to Mutual SSL Authentication

    http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication

    Best Regards.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, January 21, 2013 4:35 AM
  • User195343576 posted

    Yes I have read that article a couple days ago. The first step and my first question regards the client certificate see the server has a certificate that is verified and everything is fine for that end but what is the common practice for the client certificate.. I doubt I have to request a certificate from a 3rd party and what not what is the usal common practice should it be a self signed generated certificate? Once I have a client certificate I can then go ahead and start implementing that article..

    Alex

    Monday, January 21, 2013 9:41 AM
  • User-1000095884 posted

    Hi,

    >> I did some test took the same certificate and installed it on the clien in in local computer -> personal -> certificates but still get "HTTP Error 403.7 - Forbidden: SSL client certificate is required."

    Try change the validation mode for the client.

    <serviceCredentials>
              <clientCertificate>
                <authentication certificateValidationMode="PeerOrChainTrust"/>
             </clientCertificate>
    </serviceCredentials>
    

     

    You can use X.509 Certificate Tool to create a certificate. Since it use ChainTrust mode by default, you need specify a different validation mode with ServiceCredentials.

    Best Regards.

    Wednesday, January 23, 2013 12:52 AM