Forcing a 2-way SSL

Hi,
I have a problem that the server (servlet or ASP-page) needs the client
certificate in order to do a proper verification of the client.

If the server could force the setup of a 2-way SSL, the client-browser
would prompt the user with a "choose certificate" dialog (preferably
only those that the server could validate). That would result in the
client-certificate being included in the request-object and could be
picked out / verified by the server.

Anyone who knows if this is possible, and how to do it?

I know this is possible with Apache, so I could probably have an Apache
front-end that could do this (and re-directing to the IIS), but that is
not very elegant.

Regards, Erik

Erik,

This is part of the basic functionality of IIS and SSL.

On the Secure Communications page where you tell IIS to 'Require Secure
Channel' there is an option to 'Require Client Certificate'.

If you click the radio button to require a client certificate it should
almost exactly as you describe.

Hope this helps.

David Dietz -- IIS Support Professional
Search our online Knowledge Base
http://support.microsoft.com/support/

This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved

--------------------
|>Message-ID: <3F658915.1080702.RemoveThis@ergo.no>
|>Date: Mon, 15 Sep 2003 11:40:37 +0200
|>From: Erik Ruud <erik.ruud.RemoveThis@ergo.no>
|>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1)
Gecko/20020823 Netscape/7.0
|>X-Accept-Language: en-us, en
|>MIME-Version: 1.0
|>Subject: Forcing a 2-way SSL
|>Content-Type: text/plain; charset=us-ascii; format=flowed
|>Content-Transfer-Encoding: 7bit
|>Newsgroups: microsoft.public.inetserver.iis
|>NNTP-Posting-Host: pc6-199.sds.no 139.105.6.199
|>Lines: 1
|>Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
phx.gbl!TK2MSFTNGP09.phx.gbl
|>Xref: cpmsftngxa07.phx.gbl microsoft.public.inetserver.iis:275148
|>X-Tomcat-NG: microsoft.public.inetserver.iis
|>
|>Hi,
|>I have a problem that the server (servlet or ASP-page) needs the client
|>certificate in order to do a proper verification of the client.
|>
|>If the server could force the setup of a 2-way SSL, the client-browser
|>would prompt the user with a "choose certificate" dialog (preferably
|>only those that the server could validate). That would result in the
|>client-certificate being included in the request-object and could be
|>picked out / verified by the server.
|>
|>Anyone who knows if this is possible, and how to do it?
|>
|>I know this is possible with Apache, so I could probably have an Apache
|>front-end that could do this (and re-directing to the IIS), but that is
|>not very elegant.
|>
|>Regards, Erik
|>
|>