eahaha
in [IIS]
|
Prev: hosting WCF service - netTcp binding - Server Application Unavaila
Next: Microsoft Responds to the Evolution of Online Communities
From: fung chung on 1 May 2010 06:52 rywya anoo wrote: matching of Client Certificates with Server Certificates 22-Feb-07 Hello, I wanted to know if the following properties of Server Certificates to be matched with the Server Certificate? 1. Issuer 2. Issued 3. Thumbprint 4 Validity 1. if Private key in the Server Certificate should be associated with the Client Certificate also? 2. If Server Certificate has only single purpose of "Server Authentication" as displayed in its properties, can it be exported to .pfx/p7b format file to be used as a Client Certificate. Please Help Thanks in Advance Previous Posts In This Thread: On Thursday, February 22, 2007 1:07 AM anoo wrote: matching of Client Certificates with Server Certificates Hello, I wanted to know if the following properties of Server Certificates to be matched with the Server Certificate? 1. Issuer 2. Issued 3. Thumbprint 4 Validity 1. if Private key in the Server Certificate should be associated with the Client Certificate also? 2. If Server Certificate has only single purpose of "Server Authentication" as displayed in its properties, can it be exported to .pfx/p7b format file to be used as a Client Certificate. Please Help Thanks in Advance On Thursday, February 22, 2007 1:34 AM anoo wrote: Hello, It should be I wanted to know if the following properties of Hello, It should be I wanted to know if the following properties of Client Certificates to be matched with the Server Certificate? 1. Issuer 2. Issued 3. Thumbprint 4 Validity 1. if Private key in the Server Certificate should be associated with the Client Certificate also? 2. If Server Certificate has only single purpose of "Server Authentication" as displayed in its properties, can it be exported to .pfx/p7b format file to be used as a Client Certificate. Please Help Thanks in Advance Thank you "anoop" wrote: On Thursday, February 22, 2007 12:19 PM anoo wrote: RE: matching of Client Certificates with Server Certificates Hello, I have the Following SSL LOG System time: Thu, 22 Feb 2007 17:09:28 GMT Connecting to 10.16.1.1:443 Connected Handshake: 78 bytes sent Handshake: 557 bytes received Handshake: 182 bytes sent Handshake: 43 bytes received Handshake succeeded Verifying server certificate, it might take a while... Server certificate name: 10.16.1.1 Server certificate subject: CN=10.16.1.1 Server certificate issuer: CN=10.16.1.1 Server certificate validity: From 2/22/2007 9:37:41 PM To 11/17/2009 9:37:41 PM HTTPS request: GET / HTTP/1.0 User-Agent: SSLDiag Accept:*/* HTTPS: 72 bytes of encrypted data sent HTTPS: 25 bytes of encrypted data received HTTPS: Server requested another handshake sequence Handshake: 86 bytes sent Handshake: 896 bytes received Handshake: incomplete credentials, trying again Handshake: 221 bytes sent Handshake: 4482 bytes received 4423 bytes of app data was bundled with handshake data Status: HTTP/1.1 403 Access Forbidden HTTP/1.1 403 Access Forbidden Server: Microsoft-IIS/5.1 Date: Thu, 22 Feb 2007 17:09:28 GMT Content-Length: 4237 Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html dir=ltr> <head> <style> a:link {font:8pt/11pt verdana; color:FF0000} a:visited {font:8pt/11pt verdana; color:#4e4e4e} </style> <META NAME="ROBOTS" CONTENT="NOINDEX"> <title>The page requires a client certificate</title> <META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252"> </head> <script> function Homepage(){ <!-- // in real bits, urls get returned to our script like this: // res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm //For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm" DocURL=document.URL; //this is where the http or https will be, as found by searching for :// but skipping the res:// protocolIndex=DocURL.indexOf("://",4); //this finds the ending slash for the domain server serverIndex=DocURL.indexOf("/",protocolIndex + 3); //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining //of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker. //urlresult=DocURL.substring(protocolIndex - 4,serverIndex); BeginURL=DocURL.indexOf("#",1) + 1; urlresult=DocURL.substring(BeginURL,serverIndex); //for display, we need to skip after http://, and go to the next slash displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex); InsertElementAnchor(urlresult, displayresult); } function HtmlEncode(text) { return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>'); } function TagAttrib(name, value) { return ' '+name+'="'+HtmlEncode(value)+'"'; } function PrintTag(tagName, needCloseTag, attrib, inner){ document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) ); if (needCloseTag) document.write( '</' + tagName +'>' ); } function URI(href) { IEVer = window.navigator.appVersion; IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 ); return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ? encodeURI(href) : escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';'); } function InsertElementAnchor(href, text) { PrintTag('A', true, TagAttrib('HREF', URI(href)), text); } //--> </script> <body bgcolor="FFFFFF"> <table width="410" cellpadding="3" cellspacing="5"> <tr> <td align="left" valign="middle" width="360"> <h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page requires a client certificate</h1> </td> </tr> <tr> <td width="400" colspan="2"><font style="COLOR:000000; FONT: 8pt/11pt verdana">The page you are trying to view requires the use of a client certificate.</id></font></td> </tr> <tr> <td width="400" colspan="2"> <font style="COLOR:000000; FONT: 8pt/11pt verdana"> <hr color="#C0C0C0" noshade> <p>Please try the following:</p> <ul> <li>Click the <a href="javascript:location.reload()"> Refresh</a> button to try again, if you have installed your client certificate.</li> <li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the <script> <!-- if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2"))) { Homepage(); } //--> </script> home page.</li> </ul> <h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.7 - Forbidden: Client certificate required<br> Internet Information Services</h2> <hr color="#C0C0C0" noshade> <p>Technical Information (for support personnel)</p> <ul> <p> <li>Background:<br> This error occurs when the resource you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the server recognizes.</p> <p> <li>More information:<br> <a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.7&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a> </li></p> </ul> </font></td> </tr> </table> </body> </html> HTTPS: server disconnected Final handshake: 23 bytes sent successfully Now please help me, how to solve this problem of Client Certificates. Thank you "anoop" wrote: On Tuesday, September 23, 2008 2:44 PM elliot litz wrote: Incomplete Credentials using client certificates Did you ever resolve the message "incomplete Credentials" using client certificates. I am getting this message after trying a number of ways to configure ssl requiring client certificates. I'm running on my local win xp box using iis 5.1 and ie 7.0 On Tuesday, June 16, 2009 6:29 AM Daiane wrote: daeg You are required to be a member to post replies. After logging in or becoming a member, you will be redirected back to this page. On Monday, July 20, 2009 8:14 PM Edward Wright wrote: Certificates You are required to be a member to post replies. After logging in or becoming a member, you will be redirected back to this page. On Thursday, January 28, 2010 9:34 PM Jeannine Kennedy wrote: private key association This makes no sense to me I do not speak computer Thanks for trying Submitted via EggHeadCafe - Software Developer Portal of Choice Crypto Obfuscator for .NET - Product Review http://www.eggheadcafe.com/tutorials/aspnet/bf15c41b-6510-403e-9af8-f5fd987fafb1/crypto-obfuscator-for-ne.aspx |