| Subject: Choose a Digital Certificate Blank!! |
| Group: microsoft.public.windows.server.security,microsoft.public.security.crypto,microsoft.public.windows.vista.security |
| Date: 9/10/2008 9:14:04 AM |
| From: =?Utf-8?B?UnlhbiBIYW5pc2Nv?= [Email Address Protection] |
Hello everyone, I have a web site that uses Certificate Authentication for user identity. My CA issues certificates to the end users and the web site inspects the certificate properties to allow users into the site. The CA is a private CA that uses a self-signed cert at the top level. On all non-Vista operating systems, everything works well. When Vista requests the cert, it prompts me that it needs to add the Trusted Root Cert for the CA.. I do this and make sure that it places the Root Cert in the Trusted Root Cert area. Then the personal cert installs correctly. I can use the Cert MMC to see that the root is there and that the client cert is in the right place. When I load the web site, I do hit it with SSL and I get the "Choose a Digital Certificate" dialog box that I expect. Unfortunately, in the Identification box, there are no certificates listed at all -- so the authentication fails. I have seen a number of other complaining about this very issue on other sites in my search for an answer, but I have yet to see a working response. I have tried: - Manually importing the Root Cert - Adding the site to a security zone with settings on low or making the site a trusted site - In IE, turning off the Revocation status for the cert and the CA - Removing the IE check for signatures on downloads I am running out of options and am looking for additional direction. Anyone?? -- Ryan Hanisco MCSE, MCTS: SQL 2005, Server 2008, Project+ http://www.techsterity.com Chicago, IL Remember: Marking helpful answers helps everyone find the info they need quickly. |
| Back |