IIS 7 and Above
Setting Up IIS Express to Accept Client Certificates
Last post Sep 22, 2017 06:26 PM by dotnetftw
Feb 03, 2014 04:01 PM | joeller
I read the blog run by Jason R. Shaver a few months ago on how to set up IIS Express to accept Client Certificates. http://www.jasonrshaver.com/post/2011/09/28/WP7-Client-Certificates-Part-2-(Client-Certs-on-the-Browser).aspx
I did the following:
Since I only wanted the web app to view the certs on my CAC card, I did not proceed any further. For months this worked exactly as I wanted, populating the server variables with the Cert_Subject, which my app was then programmed to retrieve and read.
Then I moved to a different machine. I had to move my projects and databases to the new machine. I worked with things as they were for a while. I ran the particular app I had set up to use SSL and was only mildly surprised when the app did not request my client certificate. Then today I tried to repeat on this new machine the setup that I had on the old machine. The project settings were still the same, although I had to click the "create virtual directory" again.
I opened the applicationhost.config file.
I do not understand why this is happening on this machine and not on the other machine. Does anyone have any ideas?
P.S. I inadvertently created this in the wrong sub-forum. I would appreciate a moderator moving it to the correct forum.
Feb 06, 2014 03:40 AM | Terry Guo - MSFT
Did you install the Centralized SSL Certificate Support on your new server?
If not, please refer to the following steps to install it:
1. Open Control Panel.
2. Open Programs, and then open Turn Windows features on or off.
3. Select the Centralized SSL Certificate Support in Internet Information Services -> World Wide Web Service ->
Hope it helps.
Feb 06, 2014 08:55 AM | joeller
Please note I am referring to IIS express, not IIS and it is a development machine not a server. We are prevented from installing IIS on these machines by the Navy's group security policy.
Part 1 of the set of articles referenced above gave direction for setting up IIS Express including generating the "server" certificate. http://www.jasonrshaver.com/post/2011/09/28/WP7-Client-Certificates-Part-1-(Setting-Up-IIS-Express).aspx
Part 2 given above discusses setting the client certificates. As I explained this all worked twice on two separate machines so I don't understand why it is failing now.
Mar 24, 2014 12:31 PM | joeller
I just found out today that the same thing happening on that one machine is happening on the machines which work, when you run debug using Firefox.
Mar 24, 2014 12:47 PM | joeller
IIS.Net, at http://www.iis.net/learn/extensions/using-iis-express/running-iis-express-without-administrative-privileges, says:
Using SSL
Configuring access over the secure sockets layer (SSL) requires administrative privileges on IIS Express, just like it does on IIS. However, the IIS Express setup program performs the following tasks that enable standard users to use SSL with IIS Express:
• It automatically creates and installs a self-signed SSL server certificate in the local machine store.
• It configures HTTP.SYS to reserve ports 44300 through 44399 for SSL. Incoming SSL requests that use localhost and one of the ports in the specified range are automatically associated with the self-signed certificate. (HTTP.SYS is an operating system component that handles SSL for IIS and IIS Express. The setup program is able to configure HTTP.SYS because setup runs under elevated privileges.)
Consequently, using SSL to test a website with IIS Express is as simple as adding a binding like the following to the site element in applicationhost.config:
<binding protocol="https" bindingInformation="*:44300:localhost" />
This works only for local traffic (localhost requests) and for the specified range of ports. Administrator privileges are required in order to configure a custom SSL certificate or to run SSL using a port outside the specified range.
I did all of that. It works on some machines but not others. It works for IE but not Firefox.
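Added example (not part of any post in this thread, and not Microsoft's code): a Python check of the two conditions the quoted IIS.net text gives for using SSL without administrator rights, a port in 44300 through 44399 and the host localhost, run over a constructed applicationhost.config fragment. The function name and the sample sites are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment; site names, ports and hosts are illustrative.
SAMPLE_CONFIG = """<configuration><system.applicationHost><sites>
  <site name="WebApp1" id="1"><bindings>
    <binding protocol="http" bindingInformation="*:8080:localhost" />
    <binding protocol="https" bindingInformation="*:44300:localhost" />
  </bindings></site>
  <site name="WebApp2" id="2"><bindings>
    <binding protocol="https" bindingInformation="*:8443:localhost" />
    <binding protocol="https" bindingInformation="*:44310:devbox" />
  </bindings></site>
</sites></system.applicationHost></configuration>"""

SSL_PORTS = range(44300, 44400)  # 44300 through 44399, as in the quoted text


def check_https_bindings(config_xml):
    """Return (site name, bindingInformation, problems) per https binding."""
    results = []
    for site in ET.fromstring(config_xml).iter("site"):
        for binding in site.iter("binding"):
            if binding.get("protocol", "").lower() != "https":
                continue
            info = binding.get("bindingInformation", "")
            # Format is ip:port:host; split from the right so an IPv6
            # address in the first field cannot shift the port and host.
            parts = info.rsplit(":", 2)
            problems = []
            if len(parts) != 3 or not parts[1].isdecimal():
                problems.append("malformed bindingInformation")
            else:
                if int(parts[1]) not in SSL_PORTS:
                    problems.append("port outside 44300-44399")
                if parts[2].lower() != "localhost":
                    problems.append("host is not localhost")
            results.append((site.get("name"), info, problems))
    return results


if __name__ == "__main__":
    for name, info, problems in check_https_bindings(SAMPLE_CONFIG):
        print(name, info, "; ".join(problems) or "ok")
```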
Apr 05, 2016 03:43 AM | heikkiri
I know this is a little bit old thread, but I landed here a few times researching this issue. So, maybe others will as well. For me the problem was that my IIS Express sent the trusted list to the browser. As I used self-signed certificates, the browser did not prompt for a certificate.
I added the following key (Default: 1), and rebooted my machine. After this I got prompted for certificate.
Value name: SendTrustedIssuerList
Value type: REG_DWORD
Value data: 0 (False)
Sep 22, 2017 06:26 PM | dotnetftw
This article should help: https://dcdevs.blogspot.com/2017/06/iis-express-client-certificates.html