How to debug client certificate using IIS5.1 on XP and C#
Question
Ola,
I need to develop a website (in C#, asp.net 3.5) that will require client certificates. I'd like to debug this, using Visual Studio. I have setup IIS to use a self-signed certificate using the excellent tool SelfSSL I have also setup the default site to require SSL and to require client certificates. But I do not know how to create a client certificate that is accepted by IIS. When browsing to the testsite I get the (expected) error:
HTTP 403.7 - Forbidden: Client certificate required
How can I create a client certificate?
[UPDATE] I have created a certificate with makecert, as suggested by sipwiz. However, IIS doesn't seem to recognize this certificate as a valid client certificate. I've exported the servers certificate and added the -ic (servercert) switch. This still doesn't do the trick.
2 answers
solution1
1 2009-03-30 13:55:02
You can use Microsoft's makecert utility.
You may need to tweak the command line options but something like the below should get you started:
makecert -pe -n "CN=MyName" -a sha1 -eku 1.3.6.1.5.5.7.3.2 -ss my clientcer.cer
Edit: Added -eku parameter, looks like it's needed for IIS client certs.
solution2
0
Are any of your "client certificates" loaded into your personal certificate store?
Run > mmc > Add/Remove Snap-in > Certificates > My user account > Personal > Certificates
That is where IE expects the client certificates to be. Once there, IE will ask you which certificate to use.
Brandon
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.