|
Home > Archive > IIS Server Security > September 2004 > regarding client certificates.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
regarding client certificates.
|
|
| Rama Raju 2004-09-02, 6:45 pm |
| Hello sir,
I am unable to create a client certificate.
How to go about to create a client certificate.
Sir i have created a web server certificate and installed
in my web server from verisign.
when i am trying to access that page using https:// it
says
HTTP 403.7 - Forbidden: Client certificate required
Internet Information Services.
Is it that the client certificate also i have to get it
from verisign, if so how?
Now i didnot understand how to create a client certificate.
Can any one please help me how to start to create a client
certificate.
| |
| Miha Pihler 2004-09-02, 6:45 pm |
| Hi,
If I understand you ordered SSL certificate to protect the content transfer
between the client and the server.
For this you don't need to enable Clients certificate requirement and should
disable this. You can do this by opening Properties of your web site that is
SSL protected and click on Directory Security. Here click on Edit under
Secure Communication and click on Ignore client certificates. Leave "Require
Secure channel (SSL)" enabled
Mike
"Rama Raju" <ramaraju.digala@wipro.com> wrote in message
news:064601c490b0$cf68c410$a401280a@phx.gbl...
> Hello sir,
>
> I am unable to create a client certificate.
> How to go about to create a client certificate.
>
> Sir i have created a web server certificate and installed
> in my web server from verisign.
>
> when i am trying to access that page using https:// it
> says
>
> HTTP 403.7 - Forbidden: Client certificate required
> Internet Information Services.
>
> Is it that the client certificate also i have to get it
> from verisign, if so how?
>
> Now i didnot understand how to create a client certificate.
>
> Can any one please help me how to start to create a client
> certificate.
| |
| Rama Raju D S 2004-09-02, 6:45 pm |
| Hi Mike,
First of all thanx for ur response.
Sir, If i want to select the Require client certificate.
How to do this client certificate.
waiting for ur reply
regards
Rama Raju D.S
>-----Original Message-----
>Hi,
>
>If I understand you ordered SSL certificate to protect
the content transfer
>between the client and the server.
>
>For this you don't need to enable Clients certificate
requirement and should
>disable this. You can do this by opening Properties of
your web site that is
>SSL protected and click on Directory Security. Here click
on Edit under
>Secure Communication and click on Ignore client
certificates. Leave "Require
>Secure channel (SSL)" enabled
>
>Mike
>
>"Rama Raju" <ramaraju.digala@wipro.com> wrote in message
>news:064601c490b0$cf68c410$a401280a@phx.gbl...
installed[vbcol=seagreen]
certificate.[vbcol=seagreen]
client[vbcol=seagreen]
>
>
>.
>
| |
| Miha Pihler 2004-09-02, 6:45 pm |
| Hi,
If you want clients to use certificates instead of username and passwords,
you either have to setup your own CA server (you can set it up e.g. on your
Windows 2003 server) or you could buy them from 3rd party provider like
Verisign. Down side of buying 3rd party client certificate is the price. I
think it is about 100 USD per user (it depends which certificate agency you
pick).
If you need to provide public access (anonymous access) to this secure site
then client's don't need any certificates on their end.
Once you have the certificates, you have to map user accounts to this
certificates (Client Certificate Mapping). Details on how to setup this
depend on your environment (is this Active Directory or standalone setup)
(among other things).
If you decide to setup your own CA, make sure you know the product (Windows
2003 CA service). Changing CA configuration at later date is practically
impossible without tearing down your current CA setup.
Best Practices for Implementing a Microsoft Windows Server2003 Public Key
Infrastructure
http://www.microsoft.com/technet/pr...y/ws3pkibp.mspx
Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/pr...y/ws03pkog.mspx
Managing PKI:
http://www.microsoft.com/technet/pr...ity/mngpki.mspx
Mike
"Rama Raju D S" <ramaraju.digala@wipro.com> wrote in message
news:4b3d01c490c5$36ad4a60$a301280a@phx.gbl...[vbcol=seagreen]
> Hi Mike,
>
> First of all thanx for ur response.
>
> Sir, If i want to select the Require client certificate.
>
> How to do this client certificate.
>
> waiting for ur reply
>
> regards
> Rama Raju D.S
>
>
>
>
> the content transfer
> requirement and should
> your web site that is
> on Edit under
> certificates. Leave "Require
> installed
> certificate.
> client
|
|
|
|
|