Client certificate does not arrive on the web server

  • Question

  • Hi,

    I would like to identify users that connect to an intranet web server (IIS) with client certificates.

    I've set up a CA server on a Windows 2003 server PC. On my development PC, I have Windows XP with a web server (IIS) running.
    From my web server, I generated a certificate request (I specified the NetBIOS name of my web server because this setup is for an intranet), I used that request to generate a web server certificate, and I installed it on my IIS to allow SSL connections. Now I can connect with https to my web server from Internet Explorer. I configured the web server to 'require client certificates'.

    I would like to authenticate the users with a client certificate installed on each user's PC. My CA server allows users to request a client certificate (domain user) from the CA server just by typing the URL of the CA server and clicking 'User Certificate', 'submit' and then 'Install this certificate'.

    In order to test my setup, I opened Internet Explorer from a PC which resides in the domain and I requested and installed the user certificate. Then I connected to my web server and I got a window with the title "Choose a digital certificate". This window is always empty and never proposes the client certificate I previously installed on the user PC.

    I've no idea what I missed during my setup. I'm still wondering how the browser knows how to select which certificate must be displayed according to the URL typed in the address bar.

    Any help on how to send a client certificate to my web server is welcome. I googled and I tried a lot of examples that didn't work for me.

    Thank you,

    Frédéric

    Monday, March 1, 2010 3:32 PM

Answers

  • It's solved....

    At the server side, in the IIS configuration of the Default Web Site, right click -> properties -> Directory security (Secure communications) -> edit then check the option "Enable certificate list" and create an entry for your Certificate Authority (the one you use to generate the certificate). It must be picked up from a list fed by the trusted store.

    Now my client certificate appears in the list when I connect with the web browser.

    • Marked as answer by Fred-dB Tuesday, March 2, 2010 1:38 PM
    Tuesday, March 2, 2010 1:38 PM
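
A client-side check for the empty "Choose a digital certificate" window, added here as an example and not part of the original thread. In a TLS handshake the server's certificate request can name the CAs it accepts, and the browser lists only certificates issued under one of them, which is consistent with the fix above. The CA name `CN=Example Intranet CA` is a constructed placeholder; run the script as the affected user on the client PC.

```powershell
# Added example: report which certificates in the current user's personal
# store a browser could offer when the server accepts only one CA.
$AcceptedIssuer = 'CN=Example Intranet CA'   # placeholder: use your CA's subject name
$clientAuthOid  = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU
$now            = Get-Date

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Build the chain so intermediate and root issuers are compared as well.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($cert)
    $issuers = @($cert.Issuer) + @(
        $chain.ChainElements |
            ForEach-Object { $_.Certificate.Subject } |
            Select-Object -Skip 1          # first element is the certificate itself
    )
    $issuerOk = $false
    foreach ($name in $issuers) {
        if ($name.IndexOf($AcceptedIssuer, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $issuerOk = $true
        }
    }

    # A certificate with no EKU extension is usable for any purpose;
    # otherwise Client Authentication must be listed.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOk = (-not $ekuExt) -or
             (@($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $clientAuthOid)

    $inValidity = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

    [pscustomobject]@{
        Subject            = $cert.Subject
        Issuer             = $cert.Issuer
        HasPrivateKey      = $cert.HasPrivateKey
        InValidity         = $inValidity
        ClientAuthEku      = $ekuOk
        IssuedByAcceptedCA = $issuerOk
        Offerable          = $cert.HasPrivateKey -and $inValidity -and $ekuOk -and $issuerOk
    }
} | Format-Table -AutoSize
```

If a row shows `Offerable` as True and the browser's list is still empty, the client store is fine and the server's list of accepted CAs is the place to look.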