RE: Certificate based website problem

From: Gerrard Leach (gerrardl@watchfire.com)
Date: 05/15/02 

From: "Gerrard Leach" <gerrardl@watchfire.com>
Date: Wed, 15 May 2002 07:30:58 -0700

I have done as you requested and it appears that
everything is in order. The "issued to" column on the
server contains MISROOTCA and the Client has issued by as
MISROOTCA.

Any more suggestions?
Gerrard

P.S. For some reason, I am not getting notified that
responses have been sent to the newsgroup as I was to
start with.

Thanks again
Gerrard

>-----Original Message-----
>Hi Gerrard,
>
>Let's verify that the root CA certificate has been
installed properly on
>the server:
>1. Open Internet Explorer on the CLIENT and go to Tools -
> Internet Options
>-> Content.
>2. Click the Certificates button.
>3. On the Personal tab, double click the client
certificate. Make a note of
>the "Issued by" name.
>4. On the SERVER, go to Start -> Run and type mmc
>5. Go to Console -> Add/Remove Snap-In
>6. Click the Add button and double click Certificates in
the list that
>appears
>7. Select Computer Account and click Next
>8. Select Local Computer and click Finish
>9. Click Close, then OK
>10. In the left-hand pane, go to Certificates (local
computer) -> Trusted
>Root Certification Authorities -> Certificates
>11. Verify that the name you noted in step #3 appears in
the "Issued To"
>column.
>
>Thanks!
>Lisa
>
>--------------------
>> Content-Class: urn:content-classes:message
>> From: "Gerrard Leach" <gerrardl@watchfire.com>
>> Sender: "Gerrard Leach" <gerrardl@watchfire.com>
>> References: <1c1301c1eba1$094c9380
$3aef2ecf@TKMSFTNGXA09>
><vGIhRt96BHA.1264@cpmsftngxa07>
><211f01c1ec58$354bc5c0$9ae62ecf@tkmsftngxa02>
><VYNV6iW7BHA.2200@cpmsftngxa07>
>> Subject: RE: Certificate based website problem
>> Date: Mon, 29 Apr 2002 13:34:35 -0700
>> Lines: 134
>> Message-ID: <323d01c1efbd$46836c40
$35ef2ecf@TKMSFTNGXA11>
>> MIME-Version: 1.0
>> Content-Type: text/plain;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>> X-Newsreader: Microsoft CDO for Windows 2000
>> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>> Thread-Index: AcHvvUaD6+ha9/++RsudxtdPeWER0A==
>> Newsgroups: microsoft.public.inetserver.iis.security
>> Path: cpmsftngxa07
>> Xref: cpmsftngxa07
microsoft.public.inetserver.iis.security:6402
>> NNTP-Posting-Host: TKMSFTNGXA11 10.201.226.39
>> X-Tomcat-NG: microsoft.public.inetserver.iis.security
>>
>> See responses below...
>> >-----Original Message-----
>> >Hi Gerrard,
>> >
>> >I'm a bit confused by your description of your setup,
so
>> I'd like to ask
>> >some questions to clarify:
>> >
>> >1. You say you have three secure web sites. Are all
three
>> web sites on the
>> >same server, or on separate servers.
>> The three websites are on separate servers, but on the
>> same Internet connection, behing the same firewall
using
>> NAT.
>> >2. Are all three web sites set up to require client
>> certificates?
>> Yes
>> >3. Where is the client certificate installed? (On the
>> server? On your local
>> >workstation?)
>> Local Workstation
>> >4. If you go to Tools -> Internet Options -> Content
tab -
>> > Certificates
>> >button -> Personal tab from your browser, do you see
your
>> client
>> >certificate?
>> Yes
>> >5. If you double click on the certificate in this box,
>> does it say "You
>> >have a private key that corresponds to this
certificate"
>> at the bottom? Is
>> >today's date within the range of valid dates?
>> Yes and Yes (valid from 4/4/2002 to 4/4/2003)
>> >
>> >Thanks,
>> >Lisa
>> >
>> >--------------------
>> >> Content-Class: urn:content-classes:message
>> >> From: "Gerrard Leach" <gerrardl@watchfire.com>
>> >> Sender: "Gerrard Leach" <gerrardl@watchfire.com>
>> >> References: <1c1301c1eba1$094c9380
>> $3aef{w" \"| 2ecf@TKMSFTNGXA09>
>> ><vGIhRt96BHA.1264@cpmsftngxa07>
>> >> Subject: RE: Certificate based website problem
>> >> Date: Thu, 25 Apr 2002 05:53:33 -0700
>> >> Lines: 68
>> >> Message-ID: <211f01c1ec58$354bc5c0
>> $9ae62ecf@tkmsftngxa02>
>> >> MIME-Version: 1.0
>> >> Content-Type: tex