Hi Brian,

Well, if you figure it out please tell me, too. I am having
the same problem. Check out my question "Cannot establish
certificate chain for client authentication" posted here a
few days back.

The only way to get it to work for me right now (ie, client
gets a non-blank list) is to have the RootCA signs the
client cert.

SSL-er

>-----Original Message-----
>We are trying to migrate our Certificate Services from a
>third party to in house.  I have created the following
>hierarchy:
>
>RootCA
>  |
>SubCA
>  |
>Website with issued
>certificate from SubCA
>
>
>Now I think everything is setup correctly, I have the Root
>Certificate installed on the server and the Root
>Certificate is part of the IIS CTL list (this is IIS 5.0
>on Windows 2000).  Problem is that when the client
>retrieves a Certificate from the SubCA then attempts to
>navigate to the Website requiring client certificates,
>they get a Blank List of Certificates to choose from.
>
>Has anyone encountered this and know how to fix it?  Any
>suggestions welcome, thanks in advance.
>
>-Brian
>.
>

[ Post a follow-up to this message ]