views:

1213

answers:

5

We have configured IIS 6 to accept client certificates and have installed the certificate services on our server. When we go to http://[our site]/CertSrv and request a Web Browser Certificate (client certificate) from IE7/8 on Windows XP and Vista and Windows 7, then issue the cert on the server certificate authority manager, all combinations of the client/OS seem to install the client certificate properly in the personal certificate store.

When we visit our test application that requires client certificates, all IE versions installed in Windows XP propmt for the client certificate and then properly display the page. Uhfortunately, all IE versions installed on Vista and Windows 7 do not prompt for the cert, nor do they automatically send the cert. It's like IE on these operating systems is unaware of the client certificate and it doesn't prompt for it, nor does it send it to the site.

Since everything works as expected, at least on the XP configurations, we assume that IIS6 is correctly configured.

It's been 8 hours with two of us trying to figure this out and we're ready to throw a laptop through a window and "the google" has let us down.

Thanks for anyone who can help.

Mark

A: 

ok, we figured this out.

in the /CertSrv app we have to request a certificate from advanced mode - we don't change anything - just type the identifying info as we would in not-advanced mode. now it works. who knows why? at least we can get some sleep.

Mark Lauter
A: 

What do you mean by advanced mode?

Pungi
CertSrv has a button that says "advanced" - click that and request the client cert from there instead of from the simple/template cert request you get when you don't click advanced button.
Mark Lauter
A: 

Perfecet.. I had same issue and i search google and I find here. After read answers I try to install cert in advanced mode and it's done. It's works perfectly.

Everybody can try this..

Thanks guys..

Gkhnckr
That is another stackoverflow.com success story! :)
Mark Lauter
A: 

HI - I have exactly the same problem but I am unsure how to use/access certsrv, (on all the XP PC's we just double clicked the certificate and it installed and worked).

Can you elaborate a little please as I am sure this is the resolution i need?

phil whitehorne
As you probably already know, certsrv is a webbased app that runs on your certificate server. Here are the steps required:1.Go to the certsrv directory - probably http://localhost/certsrv/2.Click "Request a Certificate"3.Click "advanced certificate request"4.Click "Create and submite a request to this CA"5.Fill out the form, etc..6.From this point forward its the same as any other certificate.
Mark Lauter
A: 

As you probably already know, certsrv is a webbased app that runs on your certificate server.

Here are the steps required:

  1. Go to the certsrv directory - probably http://localhost/certsrv/

  2. Click "Request a Certificate"

  3. Click "advanced certificate request"

  4. Click "Create and submite a request to this CA"

  5. Fill out the form, etc..

  6. From this point forward its the same as any other certificate.

Mark Lauter