I have a windows 2008 R2 Server that has IIS 7.5 installed.
This server is in Domain X Forest X
I have requested a CRL Cert and applied the Cert to the Server.
I configured bindings to the server https
: port ip
Tested - all works
Now there are users in domain A Forest A
These users have a CAC/PKI card with client certificates
I need to set IIS to request/require Cert (CAC Card) from client
and SSO logon to IIS / APP
I configure the Site to require SSL
Client Certificates = accept
But I keep getting logon box and it wont accept logon or CAC
The site was set to these providers
Anyonmous = disabled
Windows = Enabled
There is not a trust relationship between the domains, but CAC is all certificates and certificates are validated by OCSP. so if expired or revoked it should deny access.