Hello,

I'm doing tests on IIS6 with client certificates. What I wan't to
realize is, that users must have a valid client certificate for
accessing a website.

There are 3 machines involved:
IIS (2003 standard server with IIS, isolated - no domain member)
CS ( 2003 standard server with certificate services
XP (Windows XP Client)

Here is what I've actaully done:
- created a web site (IIS)
- created a ssl certificate with selfssl (IIS)
- activated ssl for a virtual directory of the website (IIS)
- installed certificate services (CS)
- accessed http://m2/certsrv and requested a user certificate (XP)
- build the user certificate (CS)
- installed the user certificate (XP)
- added the CA (CS)  to the trusted CAs on XP

The client certificate is now shown as valid on XP for Filesystem
encryption, E-Mail, Clientauthentication.

On IIS I did the follwing
- added the CA (CS) to the trusted CAs on IIS
- installed the user certificate of XP (Its under Other Persons now)
- activated client certificates in IIS and created a link from the
certificate to local admin for testing purposes.

Now what happens if I try to reach the virtual directory is:

HTTP Error 403.7 - Forbidden: SSL client certificate is required.

What am I doing wrong? O.K. i don't use any certificates of default
trusted CAs but I guess a test should work with simple self generated
certificates. Must there be any connection between the certificate
server and the server with IIS - do they have to be in the same domain?

Please help me with this

Yvonne

The Clien