Re: How do I make a local machine client certificate available to all users?

Hi David,

Thank you for your response.

Yes, the intention is to allow a machine access regardless of user, the
website has a user login to track that.

So it seems client certificates are not the way to go on this? I will
look into IPSec, but of course any further comments are always welcome.

Thanks again

David Wang wrote:
What are you trying to accomplish?

Are you trying to install one client certificate on machine and have
all users logged into that machine automatically use that certificate
to make a SSL request to your server? Because if so, what you want is
very contrary to the whole security design of a client certificate.

The whole purpose of client certificate is proof of identity. If you
have multiple users that can use the same certificate, you might as
well not bother requiring client certificates in the first place.

Unless you are trying to enforce the requirement that only certain
machines with client certificates, used by anyone, can access your
server, but you can do that in other ways, like with IPSec.

So... can you please describe what you are actually trying to do?


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




Assimalyst wrote:
Hi,

Using Windows Server 2003, i have set up a standalone certificate
using the certsrv tools.

When a client machine registers you can use the advanced form to 'Store
Certificate in Local Computer Certificate Store'.

This all works as intended when the client machine registers, but when
a user logs on to the site using IE6 they still are met with the 'The
page requires a client certificate' web page.

I know i can export the local machine store certificate and then import
per user through IE, but is there an easier way to do it? Ideally i
want all users on a particular machine to automatically use the local
computer stored certificate without need for individual IE install.

Thanks for your help.

.

Relevant Pages

  • Re: HttpWebRequest failure with TLS
    ... problem was with the server certificate, that we used on the weblogic, re ... for the process to have access to the client certificate, ... certificate must be placed into the LOCAL_MACHINE store, and the account, ... account, it worked fine until the first reboot of the server, after that the ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: The remote certificate is invalid according to the validation proc
    ... the webservice is protected through https/ssl. ... you also add client certificate in your ... try accessing the server service to see ... SSL certificate or the servername you used to access the server. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • How do I require a client certificate when publishing a Web server?
    ... We have an internal web server that we want to publish to the Internet. ... The ISA Server is not part of a domain. ... If I set authentication on the SSL listener to SSL Client Certificate Authentication, the client is prompted for the certificate and then gets the error: "Error Code: 401 Unauthorized. ...
    (microsoft.public.isa.publishing)
  • How do I require a client certificate when publishing a Web server?
    ... We have an internal web server that we want to publish to the Internet. ... The ISA Server is not part of a domain. ... If I set authentication on the SSL listener to SSL Client Certificate Authentication, the client is prompted for the certificate and then gets the error: "Error Code: 401 Unauthorized. ...
    (microsoft.public.isa.configuration)
  • Re: msxml3.dll error 80072f0c A certificate is required to complete
    ... client certificate to make SSL requests. ... respectively) and gave instructions on how to configure ... on IIS Server for ServerXMLHTTP request object. ... IT WORKS WINDOWS XP Professional ...
    (microsoft.public.inetserver.iis)