SSL client certificate authentication

From: Neel (sriparvathy.ganeshan-external@gemplus.com)
Date: 04/03/03


From: sriparvathy.ganeshan-external@gemplus.com (Neel)
Date: 3 Apr 2003 04:27:57 -0800


Hi All,

I tried out doing the SSL client certificate authentication in the
following way as explained below. But there is some problem and the
web site doesn't open in the client machine...

1> I have installed the stand-alone root CA for generating the
certificates to be stored in the local machine.

2> When I install the Microsoft Certificate Services, the root CA gets
installed in the trusted root certificate Authority root store.

3> Using the Microsoft Certificate Services web page, I request a
client and a server certificate. The server certificate is installed
in the server machine and gets stored in the Intermediate CA. The
client certificate is installed in the client machine and gets stored
in the Intermediate CA again.

4> Now in the IIS wizard, I go to the directory security tab.
* In the Anonymous access and authentication control section, I have
not enabled any of the authentication methods like Anonymous,
Basic, Digest or Integrated Windows authentication.

Here only certificate authentication is needed. So I went to the
secure communication section to,
* map a server certificate that I have generated and installed before.
* I go to the Edit section, enable the Require secure channel and
Require client certificate.
* But I don't do any mapping of the client certificate to the Windows
user account.

I am not doing this mapping because if that happens, then all the
client certificates have to be compulsorily placed in the server
machine, which is not correct.

I have thought the working of this SSL client certificate
authentication this way :-

a> I just enable the SSL communication and to accept the client
certificate in the server.

b> Get the client certificate in the client PC and install it in the
Intermediate CA.

c> Now, when I type https://<address of server>/Test, the server
certificate should be presented and later the client authentication
dialog box has to appear with the client certificate in the list. But
here I have a doubt, on what basis does the client certificate get
listed in the client authentication dialog box? Does it have any
connection with the user?

Is the mapping of certificate mandatory here?

Thanx
Neel
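
An added diagnostic example, not part of the original post: on Windows, the client authentication dialog is populated from the current user's Personal store with certificates that have a private key, are within their validity period, permit client authentication, and are issued under a CA the server says it accepts. The PowerShell below (assumes PowerShell 3.0 or later; the function name `Test-ClientAuthCandidate` is hypothetical) compares the Personal store with the Intermediate CA store mentioned in steps 3 and b, so a misplaced client certificate shows up immediately.

```powershell
# Added example: inspect which certificates could be offered for SSL client authentication.
# OID of the "Client Authentication" enhanced key usage.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'

function Test-ClientAuthCandidate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)]
        [string]$Store
    )
    $now = Get-Date

    # Find the Enhanced Key Usage extension, if the certificate has one.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to specific purposes.
    $ekuOk = (-not $eku) -or
             (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $ClientAuthOid)

    $inValidity = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)

    [pscustomobject]@{
        Store         = $Store
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = $inValidity
        ClientAuthEku = $ekuOk
        # Only the Personal ("My") store is searched for client certificates.
        Selectable    = ($Store -like '*\My') -and $Cert.HasPrivateKey -and $inValidity -and $ekuOk
    }
}

# Personal store (expected location) and Intermediate CA store (where the post put the certificate).
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\CA'

$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        Test-ClientAuthCandidate -Cert $_ -Store $store
    }
}

$report | Sort-Object Store, Subject |
    Format-Table Store, Subject, Issuer, HasPrivateKey, InValidity, ClientAuthEku, Selectable -AutoSize
```

The script does not check the issuer against the CA list the server sends during the handshake; compare the `Issuer` column with the root CA trusted on the IIS machine.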


