  • Re: Certificate Trust List on IIS 8.5

    Feb 25, 2016 08:41 PM | blake.duffey

    So I can certainly add certs to the Client Authentication Issuers store.  The problem now is, per https://technet.microsoft.com/en-au/library/dn786429.aspx

    HTTP.sys, which implements the Windows HTTP-server stack, is not configured by default to use the Client Authentication Issuers store.

    So I need to configure the site to use that store.  But using netsh http add sslcert only gives me 'the parameter is incorrect'.

    Hostname:port : sXXXXXXXX.org:443
    Certificate Hash : 2XXXXXXdcf16f3417000a523621087159683
    Application ID : {4dc3e181-e14b-4a21-b022-59fc66XXXX}
    Certificate Store Name : WebHosting
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout : 0
    Ctl Identifier : (null)
    Ctl Store Name : (null)
    DS Mapper Usage : Disabled
    Negotiate Client Certificate : Disabled

    PS C:\Users\blake> netsh http add sslcert ipport=sXXXXXXXXXXXXXXX:443 certhash=XXXXXXXXXXXXXXXXXf3417000a523621
    087159683 appid={4dc3e181-e14b-4a21-b022-59fc66XXXXX} sslctlstorename=ClientAuthIssuer
    The parameter is incorrect.

    Thanks again

    Blake
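
Added example, not part of the original post: one way to write a hostname-based binding that sets the CTL store name from PowerShell. netsh takes `hostnameport=` (together with `certstorename=`) for a hostname:port binding, while `ipport=` expects an IP address, and PowerShell parses an unquoted `{...}` as a script block, so the appid is passed inside a quoted string. The hostname, thumbprint and GUID below are constructed placeholders.

```powershell
# Constructed placeholders: substitute the values of your own binding.
$hostPort   = 'www.example.org:443'                      # hostname:port of the binding
$thumbprint = '<certificate-thumbprint>'                 # server certificate hash
$appId      = '{00000000-0000-0000-0000-000000000000}'   # application ID GUID
$certStore  = 'WebHosting'                               # store holding the server certificate
$ctlStore   = 'ClientAuthIssuer'                         # Client Authentication Issuers store

# 1. List what is in the issuer store, so the set of CAs the site will
#    accept for client certificates is known before the binding changes.
Get-ChildItem "Cert:\LocalMachine\$ctlStore" |
    Select-Object Subject, Thumbprint, NotAfter

# 2. Save the current binding so it can be restored if the change fails.
netsh http show sslcert hostnameport=$hostPort |
    Out-File "$env:TEMP\sslcert-before.txt"

# 3. 'add sslcert' fails when a binding for the same endpoint already
#    exists, so remove the existing one first.
netsh http delete sslcert hostnameport=$hostPort

# 4. Re-create the binding. hostnameport= requires certstorename=.
#    "appid=$appId" is quoted so the braces reach netsh unchanged.
netsh http add sslcert hostnameport=$hostPort certhash=$thumbprint "appid=$appId" certstorename=$certStore sslctlstorename=$ctlStore

# 5. Display the binding again and compare it with the saved copy.
netsh http show sslcert hostnameport=$hostPort
```

Run from an elevated prompt. The `Ctl Store Name` field, which reads `(null)` in the output quoted in the post, is the one to compare before and after.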