Thursday, October 25, 2007

* Troubleshooting : Client Certificate Authentication

You are doing a setup for Client Certificate Authentication for your web application. The client and server tools involved are :

  • Internet Explorer 6 or 7
  • IIS 6.0
  • Windows 2003

After installing client and server certificates and enabling 'Accept Certificates' at IIS end, you may face one of these problems:

  • You are not able to verify whether the client certificate is currently installed for 'Client Authentication' in my browser because 'Intended purpose' doesn't show 'Client Authentication'


  • When I try to access the site which accepts client certificates, I get a popup in browser to select the client certificate but it does not list my browser certificate.

Here are some things you can check:

  • To get the 'Client Authentication' in 'Intended Purpose' drop down. Click 'Advanced..' button and uncheck 'Client Authentication'.
  • Make sure that the CA of the client certificate is added to 'Trusted Root Certification Authorities' directory of web server machine. You can access this directory using 'Certificates' mmc snap-in.
  • image
  • Make sure the properties of the CA in same directory shows 'Client Authentication' as checked for Certificate Purposes.
  • image

1 comment:

  1. Hi,
    Nice to see that blog commenting done right still has many benefits. Thanks for sharing your insights.
    Authentication Certificate