07-09-04 05:01 PM
Hi,
Ignore client certificates means IIS will not use client's certificate for
authentication, but data transferred between the server and the client will
still be encrypted. This configuration is used:
a) when using anonymous access to protected web server (e.g. shopping, ...)
b) when you use e.g. basic authentication or any other authentication
If you have a site that must really be protected, then you can issue your
clients certificates (e.g. on smart card) and require them to use these
certificates for authentication. In this case you will remove the setting
"Ignore client certificates" and you will set "Require client certificates".
How keys are exchanged when initiating SSL certificates is explained in this
Microsoft article:
Description of the Secure Sockets Layer (SSL) Handshake
http://support.microsoft.com/defaul...kb;EN-US;257591
and some other useful information:
SSL/TLS in Windows Server 2003
http://www.microsoft.com/technet/pr...ty/sslws03.mspx
Hope this helps you out,
Mike
"Slava" <DoNotSpamMe_KJ@lcs.cz> wrote in message
news:%23lCubeOZEHA.2516@TK2MSFTNGP10.phx.gbl...
> Hello,
> can anybody explain to me how data transferring is encrypted in SSL
> if on IIS is set : 'Ignore client certificates' ?
>
> In other modes, I understand, that Client encrypts by public key of Server cert,
> and Server decrypts it by its private key Client->Server,
> and in the way Server->Client, Server encrypts data by Client public key,
> and Client decrypts by its private key - OK, clear.
> Am I right ?
>
> But in the mode : 'Ignore client certificates' ???
> Client can encrypt by Server public key - OK,
> but what about Server encrypting ? by which the Server encrypts ? and Client decrypts ?
>
> can you explain it to me ??? [maybe in this case SSL is only one-way encrypted ? ]
>
> thank you,
> slava
>
> K.Jansta
>
>
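Added example, not part of the original posts: a sketch of why traffic is encrypted in both directions even when client certificates are ignored. It uses the TLS 1.2 key derivation from RFC 5246 as a stand-in for the handshake the linked article describes; the function names, key sizes and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def session_keys(pre_master, client_random, server_random, mac_len=32, key_len=16):
    """Derive the per-direction symmetric keys that both peers compute.

    With RSA key exchange, pre_master is the only value sent under the
    server's public key (that step is omitted here). No client key pair
    or client certificate appears anywhere in this derivation.
    """
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random,
                2 * mac_len + 2 * key_len)
    layout = [("client_write_mac", mac_len), ("server_write_mac", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def handshake_demo(pre_master, client_random, server_random):
    # The client chose pre_master; the server recovers the same bytes with
    # its private key. Both then run the identical derivation.
    client_view = session_keys(pre_master, client_random, server_random)
    server_view = session_keys(pre_master, client_random, server_random)
    return client_view, server_view

if __name__ == "__main__":
    # Constructed sample values, not captured from a real handshake.
    c, s = handshake_demo(b"\x03\x03" + os.urandom(46), os.urandom(32), os.urandom(32))
    print("both sides agree:", c == s)
    print("server->client key:", s["server_write_key"].hex())
```

The server encrypts its replies with `server_write_key`, a symmetric key both peers hold, so client authentication and encryption are independent settings.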