IIS Server Security - Problem on checking client's certificate on IIS 6

Author

Problem on checking client's certificate on IIS 6

Vsevolod

2005-09-01, 6:02 pm

Hello !

Fisrst, I'm sorry for my English. I'll try to explain our problem.

We want to migrate from IIS 5 to IIS 6, but there is the problem with
different behaviour IIS 6 how it checks clients' certificates. IIS 6 requires
all intermediate certificates for building certificate chain but IIS 5
doesn't. Without intermediate certificates we receive on client's side :

HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is not
trusted by the Web server

Is it correct ? IMHO, it's correct but it's not comfortable in our case when
we have a quantity intermediate certificates. At other side why IIS 5 works ?
Is it bug ?

BR,

Vsevolod

Bernard Cheah [MVP]

2005-09-06, 2:52 am

as highlighted in other forum this is by design for IIS 6

have you try the general windows.security group for the way to effectively
deal with your cert chain?

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/

"Vsevolod" <Vsevolod@discussions.microsoft.com> wrote in message
news:69AA4B69-E550-44C0-937D-765EA6C13D65@microsoft.com...
> Hello !
>
> Fisrst, I'm sorry for my English. I'll try to explain our problem.
>
> We want to migrate from IIS 5 to IIS 6, but there is the problem with
> different behaviour IIS 6 how it checks clients' certificates. IIS 6
> requires
> all intermediate certificates for building certificate chain but IIS 5
> doesn't. Without intermediate certificates we receive on client's side :
>
> HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is not
> trusted by the Web server
>
> Is it correct ? IMHO, it's correct but it's not comfortable in our case
> when
> we have a quantity intermediate certificates. At other side why IIS 5
> works ?
> Is it bug ?
>
> BR,
>
> Vsevolod