CRL checking by IIS

When a client certificate is presented to an IIS website, IIS performs CRL verification to determine the validity of the certificate, much as a browser does CRL checking for an SSL-enabled website. When IIS receives the client cert it looks into the CDP (CRL Distribution Point) under…


bother to track my blog?

Just in case anyone bothers to track my blog, here is an update. I have contributed two posts recently to our IIS/ASP.Net Support blogging site. 1. If you are seeing the following error during the IIS 6.0 Install/Setup: Error writing encrypted data to the Web Server’s configuration database (Metabase). 0x80090010=Access denied. This post may…


Using System.Net trace configuration file to troubleshoot Certificate errors in ASP.Net

The System.Net trace configuration feature in ASP.Net 2.0 onwards is extremely useful when dealing with certificate-related errors. Jeff P. Sanders from the WinInet/System.Net API Escalation team has written this valuable post for troubleshooting ASP.Net certificate-related issues. I am adding it here as a quick reference for others and myself. Great article!


Required permissions when calling a Web service using client certificate for authentication in an ASP.NET Web application

A Web service requiring Client certificate authentication is a common scenario. You may have a client application which needs to send the Client certificate as part of the web request for accessing the web service. This client application may be a Windows/Console application or another Web application. Often you will get into issues wherein you…


Avoid this confusion around Client certificate mapping in IIS 6.0/7.0

I just wanted to add this quick post around Client certificate Mapping on IIS. This is focused on 1-to-1/Many-to-1 mapping in IIS 6.0/7.0. If you are interested to know more about configuring Client certificate mapping in IIS 6.0 please check this post of mine and for IIS 7.0 this is an excellent article. Recently a…


Automate client certificate one-to-one mapping in IIS 6.0 using C#

In PSS, we occasionally get requests from our customers wherein they want to automatically add entries for client certificate mapping in IIS or Active Directory (AD). That is either a 1-to-1, Many-to-1 or AD mapping for the client certificate authentication for the web site. I recommend going with AD mapping because that eases the management…


Unable to access IIsCertMapper object through ADSI

Today, I was working on an issue where we were trying to add a mapping for a client certificate for a Windows account using ADSI and VBScript. Something similar to the below:

<%
  Dim CertObj, vCert
  vCert = Request.ClientCertificate("CERTIFICATE")
  Set CertObj = GetObject("IIS://<path>/IIsCertMapper")
  CertObj.CreateMapping vCert, "MYACCT", "MYPASS", "My Name", True
%>

where path is…


Certificate Trust List not being honored by IIS 5.0/6.0/7.0?

Something one should be aware of if one is dealing with client certificates and assuming that a Certificate Trust List (CTL) will limit the list of Trusted Certificate Authorities (CAs) being sent to the client during the initial SSL handshake. In IIS 5.0 post MS04-011 update and IIS 6.0/7.0, using CTLs you cannot limit the list of…


Client Certificate revisited….How to troubleshoot client certificate related issues

Well, I am back to client certificates again; I guess the reason is that a lot of the support calls we are getting of late are related to one of the following four errors, especially the first two: 403.7, 403.13, 403.16, 403.17 (I will cover .16 and .17 very briefly since they are very self-explanatory and easy to…


How to setup IIS and AD for Client certificate authentication

Hi All, This post talks about how Client certificates are configured on websites. I have seen a lot of incidents where people get into issues with client certificate in particular, although server (website) certificates can give a scare at times. Here I will be walking you through the steps of configuring client certificates in your…