Channel: Common Language Runtime Internals and Architecture forum

Problem creating certificate for web client


Hi,

I want to be able to create a test client certificate signed by a test CA, establish an SSL connection and identify the client using this certificate, using IIS7 and Firefox on Windows 7, all locally on a development machine. I am deploying my MVC application from VS2010. So far I have done the following:

1. Created the CA using:

makecert -n "CN=mydomain" -r -pe -sv DevCA.pvk DevCA.cer -sr LocalMachine -a sha1 -sky signature -cy authority

2. Created a client certificate signed by DevCA:

makecert -sv testclient.pvk -iv DevCA.pvk -pe -a sha1 -sky Exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -n "CN=mydomain" -ic DevCA.cer testclient.cer -ss My -sr LocalMachine

3. Created PFX files for the two certificates:

pvk2pfx.exe -pvk testclient.pvk -spc testclient.cer -pfx testclient.pfx

pvk2pfx.exe -pvk DevCA.pvk -spc DevCA.cer -pfx DevCA.pfx

4. Use certmgr to import DevCA to trusted root certificates

5. In IIS manager:

    a) Added testclient.pfx to 'Server Certificates'
    b) In my site, set SSL Settings to accept SSL
    c) Set HTTPS bindings to use the testclient certificate

6. In Firefox I then add DevCA to the Authorities tab and testclient to 'Your Certificates'; in IE I import the CA and client certificates using certmgr.

When I navigate to my application in Firefox using HTTPS I get:

"Connection is untrusted"

In IE I get:

"HTTP Error 403.16 - Forbidden, Your client certificate is either not trusted or is invalid."

If I then add an exception I can establish an SSL connection, but within my application I cannot get details of the client certificate using:

HttpClientCertificate cert = this.Request.ClientCertificate;

if (cert.IsPresent)
{
    // ... read cert.Subject, cert.Issuer, etc.
}

Not sure what I'm doing wrong here. Any ideas?

Thanks,

Richard
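The following is an added example and is not part of Richard's post or his makecert commands. It builds the same kind of setup with the PKI cmdlets instead of makecert/pvk2pfx: one test CA, one server certificate (serverAuth EKU, 1.3.6.1.5.5.7.3.1) for the IIS HTTPS binding, and one client certificate (clientAuth EKU, 1.3.6.1.5.5.7.3.2) issued by that CA, then checks that the client certificate chains to a trusted root and carries the client-authentication EKU before any browser is involved. It assumes an elevated PowerShell on Windows 10 / Server 2016 or later (New-SelfSignedCertificate's -Signer and -TextExtension parameters are not available on Windows 7); the output directory, subject names and PFX password are placeholders.

```powershell
# Added example (not from the original post). Creates a test CA, a server
# certificate and a client certificate, exports them, trusts the CA on the
# machine and verifies the client certificate chain + EKU.
# Assumes: elevated PowerShell, Windows 10 / Server 2016+ PKI cmdlets.
$ErrorActionPreference = 'Stop'
$OutDir = 'C:\devcerts'                     # placeholder output directory
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$PfxPassword = ConvertTo-SecureString 'ChangeMe!' -AsPlainText -Force   # placeholder

# 1. Test CA: self-signed, CertSign key usage, Basic Constraints CA=true.
$ca = New-SelfSignedCertificate `
    -Type Custom -Subject 'CN=DevCA' `
    -KeyUsage CertSign, CRLSign, DigitalSignature `
    -KeyExportPolicy Exportable -KeyLength 2048 -HashAlgorithm sha256 `
    -TextExtension @('2.5.29.19={critical}{text}ca=true') `
    -NotAfter (Get-Date).AddYears(2) `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. Server certificate for the HTTPS binding: serverAuth EKU and a SAN
#    that matches the host name typed into the browser.
$server = New-SelfSignedCertificate `
    -Type Custom -Subject 'CN=localhost' -DnsName 'localhost' `
    -Signer $ca -KeyUsage DigitalSignature, KeyEncipherment `
    -KeyExportPolicy Exportable -KeyLength 2048 -HashAlgorithm sha256 `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1') `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 3. Client certificate: clientAuth EKU only, issued by the same CA.
$client = New-SelfSignedCertificate `
    -Type Custom -Subject 'CN=testclient' `
    -Signer $ca -KeyUsage DigitalSignature `
    -KeyExportPolicy Exportable -KeyLength 2048 -HashAlgorithm sha256 `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 4. Export: CA public certificate (for trust stores) and PFX files (with keys).
Export-Certificate    -Cert $ca     -FilePath "$OutDir\DevCA.cer" | Out-Null
Export-PfxCertificate -Cert $server -FilePath "$OutDir\server.pfx"     -Password $PfxPassword | Out-Null
Export-PfxCertificate -Cert $client -FilePath "$OutDir\testclient.pfx" -Password $PfxPassword | Out-Null

# 5. Trust the CA on the machine; IIS validates client certificates against
#    LocalMachine\Root, not against the browser's store.
Import-Certificate -FilePath "$OutDir\DevCA.cer" -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 6. Verify the way the server will: chain to a trusted root AND the
#    client-authentication EKU present. Returns $false on either failure.
$clientOk = Test-Certificate -Cert $client -EKU '1.3.6.1.5.5.7.3.2'
$serverOk = Test-Certificate -Cert $server -EKU '1.3.6.1.5.5.7.3.1'

"Client cert valid for client auth: $clientOk  (issuer: $($client.Issuer), thumbprint: $($client.Thumbprint))"
"Server cert valid for server auth: $serverOk  (issuer: $($server.Issuer), thumbprint: $($server.Thumbprint))"
```

With this layout, server.pfx is the one that goes into IIS Server Certificates and the HTTPS binding, DevCA.cer is what the browser needs under Authorities (or LocalMachine\Root for IE), and testclient.pfx is what is imported into the browser's personal/"Your Certificates" store. After binding, `netsh http show sslcert` lists which certificate thumbprint is actually attached to port 443 and whether client certificate negotiation is enabled, which is a quick way to confirm the binding matches the certificate you intended.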
