Last post Sep 22, 2017 06:30 PM by dotnetftw
Mar 25, 2014 12:45 PM|gauravmajithia1|LINK
I know this might have been asked a lot of times. But I have researched a lot and have failed to achive what I want.
What I want:
What have I already tried?
> Enable SSL Settings for my website and client certificate marked as Accept
In this case my code does not get a valid certificate
Dim cert As HttpClientCertificate = Request.ClientCertificate
> Enable SSL Settings for my website and client certificate marked as Require
HTTP Error 403.7 - Forbidden
The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.
What am I missing??
Mar 25, 2014 12:56 PM|BrockAllen|LINK
When accepting client certs in IIS, the issuer of the client certificate need to be trusted. This means the issuer cert needs to be configured in the server certificate store under trusted issuers.
Mar 25, 2014 08:33 PM|gauravmajithia1|LINK
Mar 25, 2014 09:03 PM|BrockAllen|LINK
The client certificates that are issued to your user's smartcards come from somewhere -- that's the issuer. The issuer is identified by a certificate. This is the certificate you need to trust in the certificate store on the server.
Mar 26, 2014 06:44 AM|gauravmajithia1|LINK
Do i have to ask my provider to give me this certificate? Or it would be already present on client machine or in Smart Card?
Also, would be helpful to me if you can share a link or procedure to be followed after i receive this Certificate.
Mar 26, 2014 08:04 AM|BrockAllen|LINK
On windows if you open the .cer file then you can look on the "certification path" and see the chain. You really should consult with someone in your environment who knows about your smart cards (or a specialist), though, because putting that trust in your
web server might open you up to more trust than you want -- you don't want to now accidently allow authentication with anyone with a certificate/smartcard -- it needs to be the right set of smart cards.
Sep 22, 2017 06:30 PM|dotnetftw|LINK
This worked for me: