Client Certificates



Please forgive me for cross posting this but I didn't get any answer
on the forum...

I have set up a C# web application that runs on my test Web Server
(Windows 2003 Server, Web Edition). It in turn calls a web service
running on the internal network.

Now I want to issue a client certificate to each client connecting to
the web app, and use it to authenticate and identify the clients on
the web server (and use the SSL for secure encrypted exchanges).
There is no issue requiring SSL between the web server and the back
end server running the web service because all communication is via
the internal network which is not exposed to the internet.

So, I issued a server certificate, and set up the web app site to
require client certificates. Sure enough when I try to access the web
client app, I get a notice that secure communication is needed. Next
I issued a certificate to the client, using the many to one scheme,
and set up a couple of rules to confirm the certificate. Now comes
the part I am unsure about and which does not work.

If I try to connect directly (via the LAN) by using http:// I get a
page like:

The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer

Please try the following:

Type https:// at the beginning of the address you are attempting to
reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.

If I change the address to https, I then get:

The page requires a client certificate
The page you are attempting to access requires your browser to have a
Secure Sockets Layer (SSL) client certificate that the Web server will
recognize. The client certificate is used for identifying you as a
valid user of the resource.

Please try the following: (removed for brevity)

HTTP Error 403.7 - Forbidden: SSL client certificate is required.

When I try to connect via the internet using http, I get the same as
the first example above, but when I try to connect via internet using
https, I get:

425 HTTP Error
Unable to connect with remote host.

From these messages I can't tell what the problem is:

1. Is the client not honoring my client certificate, or am I not even
getting to the client?

2. Where and what are the diagnostic tools that can help me debug this?

3. Do I have to do something special to enable the application to
respond to https? (So far I have only set up via IIS manager to
require certificates, and added the client certificate to my browser.)

I'm now at a standstill, having expended a lot of time searching and
reading for a better understanding of how to do this. Please help!

Thanks, Russ
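
For questions 1 and 2 above, a client-side probe that reports the layer at which a request stops (TCP connect, TLS handshake, or the HTTP response from IIS). This is an added example, not part of the original post; the host name and the PEM file paths passed on the command line are assumptions, and the sub-status texts are the ones quoted in the post.

```python
import re
import socket
import ssl

# Sub-status codes as quoted in the post's error pages.
IIS_403 = {
    "403.4": "reached IIS over plain HTTP; SSL is required",
    "403.7": "reached IIS over TLS; a client certificate is required",
}

def interpret(response):
    """Summarise an HTTP response, naming the IIS 403 sub-status if the body shows one."""
    status = response.split("\r\n", 1)[0]
    m = re.search(r"HTTP Error (403\.\d+)", response)
    if m:
        return f"{status} [{m.group(1)}: {IIS_403.get(m.group(1), 'other 403 sub-status')}]"
    return status

def probe(host, port=443, certfile=None, keyfile=None, cafile=None, timeout=5.0):
    """Return (stage, detail); stage names the layer where the probe stopped."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"no connection to {host}:{port}: {exc}")
    ctx = ssl.create_default_context(cafile=cafile)  # server certificate is verified
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # PEM client certificate and key
    chunks = []
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except (ssl.SSLError, OSError) as exc:
        raw.close()
        if not chunks:  # nothing came back, so the failure is below HTTP
            return ("tls", f"handshake or read failed: {exc}")
    return ("http", interpret(b"".join(chunks).decode("latin-1")))

if __name__ == "__main__":
    import sys
    # Usage: probe.py HOST [CLIENT_CERT.pem CLIENT_KEY.pem]
    print(probe(sys.argv[1], 443, *sys.argv[2:4]))
```

Run it once without and once with the client certificate, from inside and from outside the LAN. A `tcp` result means the request never reached IIS, so the client certificate was not involved in that failure.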

