Re: IIS not recognising client certificates



I tried to report this issue to Microsoft a few weeks ago. They told me I
could pay for a support call and if the technician decided it was truly an
IIS bug they would refund my money. I thought that was nuts and instead
posted it to the IIS general discussion group. Getting no hits since
February 1 I've now posted a bug report to this group as well.

"gsimpson" <gsimpson@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5611EF09-AECA-4A30-9CD9-1ABC1066F79D@xxxxxxxxxxxxxxxx
I've managed to fix this issue. It seems that the list of Trusted Root CA
Certs in WS2k3 is now too large for IE (including v7) to handle. Clearing out
some of the ones we'll never use miraculously brought my server back to life.

My worry now is what happens when the next Root CA update comes from MS...?
Looks like we'll be adopting a 'no Root CA updates' policy going forward!

Great resource though, this newsgroup, and thanks in particular to 'Steven'
who posted in the inetserver.iis group on this issue (look for Certificate
Trust List). It was his post which helped after 10 days or so of tearing my
hair out. Cheers!

"gsimpson" wrote:

I'm having a really weird problem with client certificates on IIS. I can't
see what might have changed, other than I applied a couple of MSXML patches
to the box, but overnight, one of my webservers has stopped recognising
client certificates from our CA. Stopped as in this worked fine one day and
not the next, so I know something must have changed somehow...

I've checked and re-checked everything I can think of: the CA's Root
certificate is installed in the Local Computer>Trusted Root Certification
Authorities store, I've created a CTL containing the CA's Root, and the
target virtual directories are configured to use SSL, 128-bit encryption and
'require' client certificates - but the certificate list shown at client
browsers is empty...

I'm going quietly cuckoo trying to fix this one, so I really hope someone
can help!
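
The fix reported in this thread was to trim the Local Computer Trusted Root store. The PowerShell below is an added example, not part of the thread: it estimates how many bytes that store's subject names would occupy as the certificate_authorities list of a TLS CertificateRequest, assuming the server advertises every root in the store. The function name and the `LimitBytes` budget are hypothetical; the thread gives no figure.

```powershell
# Added example: size the issuer list a server would advertise when it
# requests a client certificate, and show which roots contribute most.
function Get-TrustedIssuerListSize {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\Root',
        # Assumed budget in bytes (placeholder, not taken from the thread).
        [int]$LimitBytes = 12288
    )

    $now = Get-Date
    $entries = @(Get-ChildItem -Path $StorePath | ForEach-Object {
        [pscustomobject]@{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            Expired    = ($_.NotAfter -lt $now)
            # DER-encoded subject name plus its 2-byte length prefix, as
            # carried in certificate_authorities (RFC 5246, section 7.4.4).
            WireBytes  = $_.SubjectName.RawData.Length + 2
        }
    })

    # Upper bound: assumes no de-duplication of identical subject names.
    $total = ($entries | Measure-Object -Property WireBytes -Sum).Sum

    [pscustomobject]@{
        StorePath    = $StorePath
        RootCount    = $entries.Count
        TotalBytes   = [int]$total
        LimitBytes   = $LimitBytes
        OverLimit    = ($total -gt $LimitBytes)
        # Largest contributors first, for review before any trimming.
        Largest      = @($entries | Sort-Object WireBytes -Descending |
                         Select-Object -First 10)
        ExpiredRoots = @($entries | Where-Object { $_.Expired })
    }
}

$report = Get-TrustedIssuerListSize
$report | Format-List StorePath, RootCount, TotalBytes, LimitBytes, OverLimit
$report.Largest | Format-Table WireBytes, Expired, Subject -AutoSize
```

Running it before and after a root CA update shows how much the update grew the list.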

