When using self-signed client certs (for example testing TLS from a browser to your local dev server) be sure to add it to the “Local Computer => Trusted Root Certification Authorities” store AND the “Current User => Personal” store. Once you do this it will show up in IE/Firefox as an available client certificate and IIS will accept it as valid/trusted.
Also, IIS7 has a built in self-signed certificate generator for server certs in IIS admin. Long overdue.
Lastly, if you ever need to get at the thumbprint of the client certificate in ASP.NET, here’s the code:
if( Request.IsSecureConnection )References:
{
X509Certificate2 certificate = new X509Certificate2( Request.ClientCertificate.Certificate );
Response.Write( "X.509 Thumbprint = " + certificate.Thumbprint + "<br/>" );
Response.Write( "X.509 SubjectName.Name = " + certificate.SubjectName.Name + "<br/>" );
}
ScottGu's Blog
Usenet Post
♦Add to del.icio.us ♦DiggIt! ♦Reddit ♦Stumble This ♦Add to Google Bookmarks ♦Add to Yahoo MyWeb ♦Add to Technorati Faves ♦Slashdot it
No comments:
Post a Comment