Re: How do I enable mutual SSL in IIS7 with a self-signed certificate?

Thu, 17 Sep 2009 18:17:03 -0700 

I used the accepted answer on this page to make some certs including
changing the -eku to "1.3.6.1.5.5.7.3.2" to generate a client cert but
still did not work.
http://stackoverflow.com/questions/496658/using-makecert-for-development-ssl

At this point I'm thinking mutual ssl is not possible in IIS7 with
self signed cert.

Thanks
--Tigran

On Thu, Sep 17, 2009 at 1:50 PM, Tigran K <tigr...@gmail.com> wrote:
> So assuming selfssl does generate client auth EKU is there a way I can
> generate a cert that has client auth EKU or do I have to buy a cert
> from CA?
>
> Thanks
> --Tigran
>
> On Thu, Sep 17, 2009 at 1:43 PM, Brian Desmond <br...@briandesmond.com> wrote:
>> You need a cert with the Client auth EKU. You're not getting that with a 
>> cert generated with selfssl l'm guessing. You generally use this feature 
>> with smartcards or other 2 factor devices. The logon mapping happens based 
>> on the UPN in the cert and an AD lookup.
>>
>> Thanks,
>> Brian Desmond
>> br...@briandesmond.com
>>
>> c - 312.731.3132
>>
>>
>> -----Original Message-----
>> From: Tigran K [mailto:tigr...@gmail.com]
>> Sent: Thursday, September 17, 2009 3:26 PM
>> To: NT System Admin Issues
>> Subject: How do I enable mutual SSL in IIS7 with a self-signed certificate?
>>
>> I've created a self-signed certificate in IIS7. Then I exported this 
>> certificate to a .pfx and then installed it on the client machine's IE 
>> browser. Then I set "Require Client Certificate" on the server's IIS 
>> configuration. When I try to visit the site with IE, a dialog box comes up 
>> for me to choose a certificate, however, there are no certs in that dialog 
>> box. When I click "OK" without choosing any certs, I get a 403 forbidden 
>> error. How can I make this work?
>>
>> Appreciate the help in advance.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to