> Hello,
>
> I'm doing tests on IIS6 with client certificates. What I wan't to
> realize is, that users must have a valid client certificate for
> accessing a website.
>
> There are 3 machines involved:
> IIS (2003 standard server with IIS, isolated - no domain member)
> CS ( 2003 standard server with certificate services
> XP (Windows XP Client)
>
> Here is what I've actaully done:
> - created a web site (IIS)
> - created a ssl certificate with selfssl (IIS)
> - activated ssl for a virtual directory of the website (IIS)
> - installed certificate services (CS)
> - accessed http://m2/certsrv and requested a user certificate (XP)
> - build the user certificate (CS)
> - installed the user certificate (XP)
> - added the CA (CS) to the trusted CAs on XP
>
> The client certificate is now shown as valid on XP for Filesystem
> encryption, E-Mail, Clientauthentication.
>
> On IIS I did the follwing
> - added the CA (CS) to the trusted CAs on IIS
> - installed the user certificate of XP (Its under Other Persons now)
> - activated client certificates in IIS and created a link from the
> certificate to local admin for testing purposes.
>
> Now what happens if I try to reach the virtual directory is:
>
> HTTP Error 403.7 - Forbidden: SSL client certificate is required.
>
> What am I doing wrong? O.K. i don't use any certificates of default
> trusted CAs but I guess a test should work with simple self generated
> certificates. Must there be any connection between the certificate
> server and the server with IIS - do they have to be in the same domain?
>
>
> Please help me with this
>
> Yvonne
>
>
>
>
> The Clien
>