Re: Require Certificates

From: David Cross [MS] (dcross@online.microsoft.com)
Date: 01/19/03

Next message: David Cross [MS]: "Re: Certificate Server Question"
Previous message: David Cross [MS]: "Re: Enterprise CA (Export Private Key)"
In reply to: S. Pidgorny [MVP]: "Re: Require Certificates"
Next in thread: Joel W.: "Require Certificates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "David Cross [MS]" <dcross@online.microsoft.com>
Date: Sun, 19 Jan 2003 09:01:47 -0800

Make sure the root CA is trusted on both client and on IIS server. This is
another reason this will occur.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"S. Pidgorny [MVP]" <slavickp@yahoo.com> wrote in message
news:OsalXFsvCHA.2424@TK2MSFTNGP10...
> Empty certificate selection list is usually a sign of missing private key.
> Have yu enrolled for the client cert from the clien, or imported the
> certificate? If imported, have you used PFX file and exported private key?
> Have you marked private key as exportable during enrollment?
>
> --
> Svyatoslav Pidgorny, MS MVP, MCSE
> -= F1 is the key =-
>
> "Chris Gilbert" <Chris.Gilbert@Consignia.com> wrote in message
> news:3e281c35@RGINF-S02.research-group.co.uk...
> > I have an IIS default website protecting a Citrix
> > Nfuse back-end and I am trying to enforce certificate-based
> > connections using SSL and 'Require Certificates'. I have
> > certified the web site and imported the Root CA cert. The
> > trust path constructs fine on the server.
> >
> > On the client I have an end user cert and I have also
> > imported the Root CA cert (same one). The trust list
> > builds OK there too. On connecting to the site, however,
> > the certificate selection pop-up is empty. Clearly IE
> > doesn't think that I have any valid certs despite my efforts.
> > Any suggestions as to what might cause this ? I have had
> > all of this working in the past and I don't think I am
> > doing anything different but clearly I am. Pointers welcome.
> >
> > Chris
> >
> >
>
>

Next message: David Cross [MS]: "Re: Certificate Server Question"
Previous message: David Cross [MS]: "Re: Enterprise CA (Export Private Key)"
In reply to: S. Pidgorny [MVP]: "Re: Require Certificates"
Next in thread: Joel W.: "Require Certificates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Radius Server
... > so I'm guessing the client needs the Server Certificate, ... > export it from the server and import it to the client. ... >> But if you deployed EAP-TLS, you need a server cert and a client ...
(microsoft.public.windows.server.networking)
Re: OWA Form Resetting
... Depends on the client browsers... ... The reason why you are getting alerts regarding the certificate being ... both the ISA server computer as well as the external ... I can view the cert and the certs ...
(microsoft.public.isa)
Re: Newbie wants to learn about PKI Server 2003......
... 2003 PKI Certificate Security", and have been lurking here for a bit. ... We will implement a 2 tier heirarchy, with the Root CA being offline. ... All clients that attempt revocation checking will first attempt to retrieve the CRL from the ... level below a self-signed cert, so applications that are 3280 compliant would never check the ...
(microsoft.public.windows.server.security)
Re: Change validatiy period of a Root certificate
... should not have either an AIA or a CDP URL in it" But when I go to install ... my subordinate stand alone CA it asks me for a Root CA to get it's cert from. ... I picks up my newly created standalone Root CA. ... certificate, copying the certificate to removable media and then installing ...
(microsoft.public.security)
Re: Crypto iffpar
... I reconfigured my test client to be a "strict client" (to use your ... > and 0x1 (meaning trusted cert) on server cryptostats. ... | The certificate signature has been verified. ...
(comp.protocols.time.ntp)