Browsers need to have client certificates installed before any web server can receive them for authentication and authorization. Certificate Services can issue these certificates; the request can be made manually by a user or an administrator, or even programmatically.
Let’s assume that your users need to acquire a certificate themselves. If you have Certificate Services installed on a server with IIS, you will get a website at http://<yourdns.com>/certsrv. Have your users go to this site and request a certificate with the following steps:
- Visit the site and request a Web browser certificate
- Enter personal details in the next form. This is an important step that the users must perform. The details are embedded into the certificate later on. The ASP or ASP.NET runtime is able to read this information, so it is vital that it is entered correctly.
- The request will be generated.
At this point the certificate is requested and awaiting approval by a certificate administrator. Later on the user will revisit the site to check if the certificate has been issued. If so, they continue the process by choosing the second link, "View the status of a pending certificate request", on the home page of the site.
Make sure that users who revisit the site to get their issued certificate type the URL with a lower-case certsrv at the end. Otherwise the site will not show the pending requests.
The users now have a certificate installed on their machine. All certificates are available from the Internet Options dialog in Internet Explorer. On the Content tab click the Certificates button and see which certificates are installed.
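Once a browser presents such a certificate over SSL, the personal details entered in the request form can be read on the server. The handler below is an added example, not code from the original post; the class name `ClientCertInfoHandler` and the `ExpectedIssuer` value are hypothetical placeholders that you would replace with your own.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;

// Added example: reads the details embedded in a client certificate.
public class ClientCertInfoHandler : IHttpHandler
{
    // Assumption: placeholder for the distinguished name of your issuing CA.
    private const string ExpectedIssuer = "CN=Example Issuing CA, DC=example, DC=local";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpRequest request = context.Request;
        HttpResponse response = context.Response;
        response.ContentType = "text/plain";

        // The browser only sends a client certificate over SSL.
        if (!request.IsSecureConnection) { Deny(response, "HTTPS is required"); return; }

        HttpClientCertificate presented = request.ClientCertificate;
        if (!presented.IsPresent) { Deny(response, "no client certificate was presented"); return; }
        if (!presented.IsValid) { Deny(response, "client certificate is not valid"); return; }

        // Re-parse the raw bytes to get typed access to the subject fields.
        X509Certificate2 cert = new X509Certificate2(presented.Certificate);

        // Simple string comparison against the configured issuer name.
        if (!string.Equals(cert.Issuer, ExpectedIssuer, StringComparison.OrdinalIgnoreCase))
        {
            Deny(response, "certificate was not issued by the expected CA");
            return;
        }

        // These values come from the form the user filled in at /certsrv,
        // so they are only as trustworthy as the administrator's approval.
        string name = cert.GetNameInfo(X509NameType.SimpleName, false);
        string email = cert.GetNameInfo(X509NameType.EmailName, false);
        response.Write(string.Format("Name: {0}\nE-mail: {1}\nSubject: {2}\nValid until: {3:u}\n",
            name, email, cert.Subject, cert.NotAfter));
    }

    private static void Deny(HttpResponse response, string reason)
    {
        response.StatusCode = 403;
        response.Write("Access denied: " + reason);
    }
}
```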
Visit the web server that we prepared again, using both http and https. Any luck?
No prompt will appear for http traffic as it is not secure enough to send a certificate. The certificate prompt should be presented for SSL showing only the certificates in the user’s store with the same issuer as the web server’s certificate.
Although you get a prompt for https, it does not show any certificates.
Well, as it turns out, there are quite a lot of issues floating around. Let me tell you about them. Check the next posts on Certificate Services.