How to debug client certificate using IIS5.1 on XP and C#

How to debug client certificate using IIS5.1 on XP and C#


I need to develop a website (in C#, 3.5) that will require client certificates. I'd like to debug this, using Visual Studio. I have setup IIS to use a self-signed certificate using the excellent tool SelfSSL I have also setup the default site to require SSL and to require client certificates. But I do not know how to create a client certificate that is accepted by IIS. When browsing to the testsite I get the (expected) error:

HTTP 403.7 - Forbidden: Client certificate required 

How can I create a client certificate?

[UPDATE] I have created a certificate with makecert, as suggested by sipwiz. However, IIS doesn't seem to recognize this certificate as a valid client certificate. I've exported the servers certificate and added the -ic (servercert) switch. This still doesn't do the trick.

Form authentication works on dev server but not on IIS


setup to run one tomcat site on tomcat root (without any contexts) with IIS using jk connector
You can use Microsoft's makecert utility..
ISAPI Settings not visible in IIS7
You may need to tweak the command line options but something like the below should get you started:.
Forms Authentication & Virtual Directory
makecert -pe -n "CN=MyName" -a sha1 -eku -ss my clientcer.cer.
Wix - set file read access
Edit: Added -eku parameter, looks like it's needed for IIS client certs..
IIS URL Rewrite Module : Redirect Based On QueryString

Atlassian Bamboo behind IIS7 with Isapi redirect

Does anyone have a better way to monitor IIS application pools?


Are any of your "client certificates" loaded into your personal certificate store?. Run > mmc > Add/Remove Snap-in > Certificates > My user account > Personal > Certificates . That is where IE expects the client certificates to be.

Once there, IE will ask you which certificate to use.. Brandon.

59 out of 100 based on 34 user ratings 1159 reviews