Link to home
Create AccountLog in
Microsoft IIS Web Server

Microsoft IIS Web Server

--

Questions

--

Followers

Top Experts

Avatar of lhaynes
lhaynes

IIS Client Certificates
I've generated a self-signed certificate from my local CA for my webserver, which is running IIS 6.0. The site requires 128-bit SSL and a client certificate.

I requested a client certificate from my local CA by opening http://localca/certsrv in a browser and requesting a User certificate. After requesting and installing the certificate, I'm able to access the webserver. If I install the same certificate as a different user other than the one who requested the certificate, it doesn't work.

Basically I want to be able to generate one certificate for a blanket of users and distribute it. I know this may not be the best idea, but what am I missing here?

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

ASKER CERTIFIED SOLUTION
Avatar of Dave_DietzDave_Dietz🇺🇸

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of lhayneslhaynes

ASKER

I've tried exporting it from the user with and without the private key. I've also tried doing a save as from http://localca/certsrv and installing under a different user rather than installing and exporting.
Avatar of Dave_DietzDave_Dietz🇺🇸

Ahhh, another possibility comes to mind - do the other users have the Root CA certificate installed in their Trusted Root CA store?  If not they will not be able to use any client certificates issued by that CA.

Dave Dietz
Avatar of lhayneslhaynes

ASKER

Yes. The Root CA is in their Trusted CA store.
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Avatar of Dave_DietzDave_Dietz🇺🇸

When you say it doesn't work what exactly is the behavior you are seeing?

Dave Dietz
Avatar of lhayneslhaynes

ASKER

The page requires a client certificate
The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server will recognize. The client certificate is used for identifying you as a valid user of the resource.
--------------------------------------------------------------------------------

Please try the following:

Contact the Web site administrator if you believe you should be able to view this directory or page without a client certificate, or to obtain a client certificate.
If you already have a client certificate, use your Web browser's security features to ensure that your client certificate is installed properly. (Some Web browsers refer to client certificates as browser or personal certificates.)
HTTP Error 403.7 - Forbidden: SSL client certificate is required.
Internet Information Services (IIS)

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Certificates, Using Certificate Trust Lists, Enabling Client Certificates, and About Custom Error Messages.
Avatar of Dave_DietzDave_Dietz🇺🇸

If you log on as one of the other users and open IE and look at the certificates you see the client certificate in the Personal store and the Root CA certificate in the Trusted Root CA store, correct?  (I believe this is the case, just don't want to overlook anything...)

If you open the client certificate when viewing it through IE does it say it has a private key that corresponds to the certificate?

Dave Dietz
Free T-shirt

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Avatar of lhayneslhaynes

ASKER

Good grief... :p

Points awarded for your time. It helps to reopen the browser after installing the certificate.

Thanks Dave.
Microsoft IIS Web Server

Microsoft IIS Web Server

--

Questions

--

Followers

Top Experts

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.