How do I enable mutual SSL in IIS7 with a self-signed certificate?

Question

I've created a self-signed certificate in IIS7. Then I exported this certificate to a .pfx and then installed it on the client machine's IE browser. Then I set "Require Client Certificate" on the server's IIS configuration. When I try to visit the site with IE, a dialog box comes up for me to choose a certificate, however, there are no certs in that dialog box. When I click "OK" without choosing any certs, I get a 403 forbidden error. How can I make this work? Appreciate the help in advance.

score 1 · Answer 1 · answered Sep 23 '09 at 06:46

1

Chances are the SSL only contains the Server Extended Key Usage (EKU) and not the client EKU...

answered Sep 23 '09 at 06:46

Dscoduc

1,095
2
8
15

score 0 · Answer 2 · answered Sep 18 '09 at 01:07

0

Using Microsoft Management Console, add the certificate manager snap-in and choose CurrentUser. Then import the certificate into the CurrentUser->Personal store.

Restart IE and you should now see the certificate in the list

answered Sep 18 '09 at 01:07

Wayne

3,104
1
22
16

How do I enable mutual SSL in IIS7 with a self-signed certificate?

2 Answers2