Setup SSL Mutual Authentication

Vibhug (asker):

I am trying to set up SSL Mutual Authentication in IIS. When I try to access any method of the web service on the server side, passing the client certificate, it throws a Forbidden 403 error.
Please let me know how to set it up in IIS.
Vibhug (asker):

Also I have added the client certificate in the CA trust root, but it still doesn't show the certificate when I directly access the web service. It shows the dialog box asking to select a certificate, but doesn't show any certificate in the list.
ASKER CERTIFIED SOLUTION by Paranormastic (the accepted solution is not available on this page).

Vibhug (asker):
The client cert was issued from a CA.

The client cert is only marked for the Server Authentication purpose. I am not able to add the purpose for client certification.

The client certificate is listed in certmgr.msc under Personal - Certificates. Where should I check it for the private key? From certmgr.msc itself?
Vibhug (asker):

The private key is visible now. Also the problem is the same.
Should I also download the GEO Trust Root CA as the root certificate?
Vibhug (asker):

Hello Paranormastic,

Everything is the same as you asked for. Still I have the same problem. Just to make sure, how should I get the root CA certificate? I feel the problem might be there. I went to the site of the issuer of the client certificate, downloaded the Root Certificate and added it in the CA trust root. Please let me know if I am wrong on this.
Paranormastic:

Server Authentication isn't going to do it. You need to get a certificate based off of the User template (or a template duplicated from User).

Paranormastic:

The last post was assuming it was issued from your own CA. If it was issued from GeoTrust then you should talk to them about getting your money back and getting a user certificate with the Client Authentication EKU; if they have one they should be able to recommend a product for you. The server and client would need to trust the root certificate of whatever CA; if it is GeoTrust there is a very good chance it is already there, as they have been around for a long time and have extremely good product integration.
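As an added check (not part of the thread or of any product mentioned in it), this PowerShell snippet reports, for each certificate in the current user's Personal store, the three things the answer above turns on: whether it carries the Client Authentication EKU, whether a private key is present, and whether it chains to a root the machine trusts. It assumes Windows PowerShell 3 or later and the default store paths; Test-ClientAuthCert is a name chosen here.

```powershell
# Added example, not code from the thread. Run on the client machine; a
# certificate only appears in the browser's selection dialog when it has a
# private key and chains to a CA the server trusts.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

function Test-ClientAuthCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect EKU OIDs. A certificate with no EKU extension is valid for any
    # purpose; one that lists only Server Authentication is refused for mTLS.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $ekuOk = (-not $ekuExt) -or ($ekus -contains $clientAuthOid)

    # Build the chain under the client-auth application policy: the issuing
    # root must sit in Trusted Root Certification Authorities on this machine.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $oid = New-Object -TypeName System.Security.Cryptography.Oid -ArgumentList $clientAuthOid
    $chain.ChainPolicy.ApplicationPolicy.Add($oid)
    $chainOk = $chain.Build($Cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        ClientAuthEKU = $ekuOk
        ChainTrusted  = $chainOk
        ChainStatus   = $status          # e.g. UntrustedRoot, NotValidForUsage
        Usable        = ($Cert.HasPrivateKey -and $ekuOk -and $chainOk)
    }
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { Test-ClientAuthCert $_ } |
    Format-Table Subject, HasPrivateKey, ClientAuthEKU, ChainTrusted, ChainStatus, Usable -AutoSize
```

Repeat the same check against Cert:\LocalMachine\My on the server if the service account, rather than a user, presents the certificate.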
Vibhug (asker):

Can you please describe in a set of steps exactly how we should be configuring Mutual SSL authentication on IIS 6 for ASP.NET C# Web Services. I would appreciate it if you can lay out exactly which type of certificate is required on the server and client, how it will be configured on either side, and what is required in the code to actually make it work.

Vibhug (asker):

On the server itself where I have hosted the web service, when I try to access the web service from the browser it shows the client certificate in the list. When I select the certificate and click OK it opens the web service, while if I don't select the certificate and click OK it doesn't take me to the web service page and shows the error "The page requires client certificate" on the page.

When I try to access the URL of the server to access the web service from my local machine or any other machine, it doesn't show the client certificate in the list of the dialog box.

Please suggest how I should proceed.

Vibhug (asker):

We are able to authenticate with valid certificates issued by a valid CA, but the same approach is not working for test certificates. Is there another way to authenticate with test certificates?

Vibhug (asker):

We are able to use valid certificates signed by a trusted CA as the client certificate successfully, but we are not able to use a self-signed certificate as the client certificate.

We have stored the self-signed certificate in the local machine account as well as the same certificate in the Trusted Root store. Now when we go to give IIS permission to this certificate it gives the error "Private key is not accessible". Of course the self-signed certificate we are using doesn't have a private key. Is there any other way to give permission to a self-signed certificate to be used as a client certificate? Please suggest.