Alexandre MOINE

Reputation: 235

Client certificate with IIS 7

I have a client who wants to secure the connection to his application with a client certificate. He doesn't want to map the certificate to a login.

He doesn't want to buy a certificate from a trusted CA and wants me to provide him with my own self-signed certificate.

I followed the steps from this article: http://asoftwaredeveloper.wordpress.com/2011/12/30/x-509-certificate/ (every time I search on Google I end up on this)

I managed to generate the two certificates and to set them both up in the client and server.

However, I still get the same 403.7 error.

Does anybody have a real step by step guide with ALL the steps? Am I the only one who wants to do such a simple thing? Why isn't it clearly described in the documentation?

Upvotes: 5

Views: 5657

Answers (1)

Travis Pessetto

Reputation: 3298

Here is a step by step:

  1. Generate your CA
  2. Generate your client certs and sign them with the CA
  3. Open MMC (Windows 7 just type MMC in the dialog)
  4. Click file>add/remove snap-in...
  5. Click certificates then add
  6. When prompted select computer account
  7. When prompted again select local computer
  8. Double click on certificates
  9. Click on Trusted Root Certification Authorities
  10. Click on certificates
  11. Click on more actions > import
  12. Find and select your Root CA Certificate
  13. Open Internet Information Services Manager
  14. Click on your server
  15. Click on Server Certificates
  16. Import your CA certificate
  17. Click on your site
  18. Click on bindings
  19. Add a new one for https
  20. Make sure to select your CA certificate
  21. Click ok.
  22. Return to your site menu
  23. Click on SSL Settings
  24. Check require SSL
  25. Click on require in the radio buttons
  26. Return to site's menu
  27. Click on authentication
  28. Enable anonymous authentication (it will still ask for a certificate)
  29. Restart IIS (all of it, not just the site)
  30. Install the client certificate into the browser
  31. Go to the site with https:// and not http://
  32. Browser should prompt depending on settings

    • Every client must trust the CA so you will have to convince every user to install your CA cert to their computer.

Upvotes: 3
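A scripted sketch of the certificate and SSL-settings parts of the steps above, added here as an example and not taken from the question or the answer. It creates a private CA and a client certificate, trusts the CA machine-wide, sets the site to require client certificates, and then checks that the client certificate actually chains to a trusted root. It assumes Windows 10 / Server 2016 or later (for `New-SelfSignedCertificate -Signer`), an elevated prompt, the IIS `WebAdministration` module, and that an https binding already exists; the subject names, file path and site name are placeholders.

```powershell
# Added example. Placeholders: site name, subject names, file path.
$siteName = 'Default Web Site'
$caFile   = Join-Path $env:TEMP 'example-root-ca.cer'

# Create a private root CA (basic constraints CA=true, may sign certificates).
$caParams = @{
    Type = 'Custom'; Subject = 'CN=Example Private Root CA'
    KeyUsage = 'CertSign', 'CRLSign'; KeyUsageProperty = 'Sign'
    KeyLength = 2048; HashAlgorithm = 'sha256'
    TextExtension = @('2.5.29.19={text}CA=true')
    CertStoreLocation = 'Cert:\CurrentUser\My'
}
$ca = New-SelfSignedCertificate @caParams

# Create a client certificate signed by that CA.
# EKU 1.3.6.1.5.5.7.3.2 = Client Authentication.
$clientParams = @{
    Type = 'Custom'; Subject = 'CN=example-client'; Signer = $ca
    KeyExportPolicy = 'Exportable'; KeyLength = 2048; HashAlgorithm = 'sha256'
    TextExtension = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
    CertStoreLocation = 'Cert:\CurrentUser\My'
}
$client = New-SelfSignedCertificate @clientParams

# Trust the CA for the whole machine (public certificate only, no private key).
# Anything this CA signs is then trusted on this machine, so guard the CA key.
Export-Certificate -Cert $ca -FilePath $caFile | Out-Null
Import-Certificate -FilePath $caFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# Require SSL and require a client certificate on the site.
Import-Module WebAdministration
$sslParams = @{
    PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = $siteName
    Filter = 'system.webServer/security/access'; Name = 'sslFlags'
    Value  = 'Ssl,SslNegotiateCert,SslRequireCert'
}
Set-WebConfigurationProperty @sslParams

# Check: does the client certificate build a chain to a trusted root?
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # a private CA publishes no CRL
if ($chain.Build($client)) {
    'Client certificate chains to a trusted root.'
} else {
    $chain.ChainStatus | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation }
}
```

If the chain check fails on the server, the statuses it prints usually explain why the client certificate is being rejected.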
