IIS SSL configuration problem

T

Theodoros.Savvides

Hi

I have a web site under IIS 5 in Windows 2002 Server and I want to setup.
In the application
I have created an HttpHandler in .NET. I have set the site to require SSL
and 128-bit encryption
and i have chosen the Require Client Certificate option in order for the
application to require client certificates.
If I use IE to call the handler, the site asks for the client certificate.

If another application does a web request to the application, the site
does not ask for the client certificate. I did a trace using
the network monoitor tool and after the client and server hello, the
presentation of the server certificate, there is no client certificate
requested from the server and the call proceeds as normal to application
data transfer.

Does anybody know how to overcome this problem?

Thanks
TS
 
Y

Yan-Hong Huang[MSFT]

Hello Theodoros,

Thanks for posting in the group.

Based on my understanding, now the issues is: You enabled "Require Client Certificate" in a web site. If you use IE to visit
pages, there is no error. If you use another web application to send request to this web application, you found that client
certificate is not needed. Please correct me if I have misunderstood the problem.

I suggest you refer to one MSDN article to review the genera steps. "HOW TO: Secure an ASP.NET Application Using
Client-Side Certificates"
http://support.microsoft.com/?id=315588

By the way, could you please post the web request code in that application here? Please also check the network frames
between IE access and your web application access to see whether there is any difference, especially in header.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!From: (e-mail address removed)
!Subject: IIS SSL configuration problem
!MIME-Version: 1.0
!X-Newsreader: Lotus Notes Release 6.0 September 26, 2002
!X-MIMETrack: Serialize by Notes Client on Theodoros A Savvides/NIC/CTL(Release 6.0|September
! 26, 2002) at 29/07/2003 14:40:04,
! Serialize complete at 29/07/2003 14:40:04
!Content-Type: text/plain; charset="US-ASCII"
!Message-ID: <[email protected]>
!Newsgroups: microsoft.public.dotnet.framework.aspnet.security
!Date: Tue, 29 Jul 2003 04:40:02 -0700
!NNTP-Posting-Host: 213.207.151.60
!Lines: 1
!Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:6061
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
!
!Hi
!
!I have a web site under IIS 5 in Windows 2002 Server and I want to setup.
!In the application
!I have created an HttpHandler in .NET. I have set the site to require SSL
!and 128-bit encryption
!and i have chosen the Require Client Certificate option in order for the
!application to require client certificates.
!If I use IE to call the handler, the site asks for the client certificate.
!
!If another application does a web request to the application, the site
!does not ask for the client certificate. I did a trace using
!the network monoitor tool and after the client and server hello, the
!presentation of the server certificate, there is no client certificate
!requested from the server and the call proceeds as normal to application
!data transfer.
!
!Does anybody know how to overcome this problem?
!
!Thanks
!TS
!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top