IIS 7.5 and authenticating client certificates
I am trying to understand if the functionality I am seeing is how client certs and SSL are supposed to work, or if I've done something wrong. I have a site running under IIS 7.5 that is using a cert obtained from my company's internal certificate server. I have set the binding for the cert, and required client certs through the IIS UI. When I navigate to the site, it prompts me for the certificate before I proceed and requires it as expected.
Here is the question: I was told that part of the authentication done by the server was that the client certificate had to be issued from within the same PKI infrastructure. For example, a cert issued from the same server as the SSL should work, but a cert issued by, say, Verisign would not be accepted. That does not seem to be the case; it appears that the server will accept any client certificate as long as the CA that issued it is listed as a Trusted Root on the server. Is that correct? Is there a simple setting I can change to alter that?
Since I'm issuing the certificates from my own server, I could create a custom certificate validation along the way to validate things further, but I was wondering if I am missing something simple or not, and I haven't yet found any articles that explain what the server does to validate the client certificate.
More posts by @Sarah324
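The custom validation mentioned in the question could take the form of an issuer pin: the application rebuilds the chain for the presented client certificate and accepts it only if the chain ends at one specific internal root. This is an added example, not part of the original post; the class and method names are hypothetical and the thumbprint is a placeholder to be replaced with the internal root CA's own value.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the original post).
public static class ClientCertIssuerPin
{
    // Placeholder: thumbprint of the internal root CA certificate.
    private const string InternalRootThumbprint = "<INTERNAL-ROOT-CA-THUMBPRINT>";

    // In ASP.NET the caller can obtain the certificate with
    // new X509Certificate2(Request.ClientCertificate.Certificate).
    public static bool IsIssuedByInternalCa(X509Certificate2 clientCert)
    {
        if (clientCert == null) return false;

        X509Chain chain = new X509Chain();
        try
        {
            // Require the Client Authentication EKU (1.3.6.1.5.5.7.3.2).
            chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.2"));
            // Revocation checking is a policy choice; Online needs CRL/OCSP reachability.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

            // Build() alone only proves the chain is valid and ends in
            // some root this machine trusts, which is the behaviour
            // described in the question.
            if (!chain.Build(clientCert)) return false;

            // The last chain element is the root; pin it to the internal CA.
            X509Certificate2 root =
                chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return string.Equals(
                Normalize(root.Thumbprint),
                Normalize(InternalRootThumbprint),
                StringComparison.OrdinalIgnoreCase);
        }
        finally
        {
            chain.Reset(); // release chain resources
        }
    }

    // Thumbprints copied from the certificate UI often contain spaces.
    private static string Normalize(string thumbprint)
    {
        return (thumbprint ?? string.Empty).Replace(" ", string.Empty);
    }
}
```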