RE: Certificate Mapping - Debugging



Hi Mark,

Has his client certificate's private been properly exported and installed
on the user's computer? On the problematic client machine, open mmc.exe and
add Certificates snap-in, select current user. Verify the certificate in
Personal store. There should be a line 'You have a private key
corresponds...' indicates the cert's private key is properly installed.

Furthermore, the CA which issues the client certificate must be trusted by
the IIS server, which means the CA's certificate must be installed on IIS
server's computer account's Trusted Root CA store. You can launch
Certificates mmc and open Computer account's store to check this.

To narrow down the problem, you may install his client cert on your machine
and mapping it to your user account to test. If this doesn't work as well,
the problem has been confirmed on the cert or its trust relation.

Thanks.

Sincerely,

WenJun Zhang

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

MSDN Managed Newsgroup support offering is for non-urgent issues where an
initial response from the community or a Microsoft Support Engineer within
2 business day is acceptable. Please note that each follow up response may
take approximately 2 business days as the support professional working with
you may need further investigation to reach the most efficient resolution.
The offering is not appropriate for situations that require urgent,
real-time or phone-based interactions. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.



Relevant Pages

  • Re: L2TP/IPSec from XP client to Windows 2003 Server
    ... ie no valid cert found on client - contacted Microsoft ... Windows Server 2003 Certificate Authority running ... The next step is to install Certificate Services on the Windows Server ... From Networks Connections on the client, ...
    (microsoft.public.security)
  • RE: Web App With Signature
    ... use some rich client approach such as ACTIVEX control. ... retrieve protect resource on client(such as file system or certificate ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Web Service Security
    ... installing the client certificate properly. ... you must install the certificate with a private key (usually ... asmx resource (use the ?wsdl to pull up the wsdl). ... You also should be able to apply the "requires client cert" setting at the ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: ISA 2004 Client Installer Missing
    ... Sadly I stumped my support agent too. ... steps to uninstall ISA 2000 Client and then run the 2004 Client install: ... a clean install of Windows is required. ... > Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: problem with client certificates
    ... When you request the client cert, go under the advanced options and choose ... install it on another machine. ... > if let the user install the certificate through the browser, ...
    (microsoft.public.inetserver.iis.security)