SunnyByfleet
Technical User
At work I have the following environment:
Windows 2003 domain
Certificate Services Enterprise Root Server.
IIS6 Web site. SSL is enabled.
For one folder called SECURE, I've made authentication by client certificate mandatory.
This works well: a user can browse to the web site, but if they go to the SECURE folder, a dialog pops up telling them to specify a certificate. They have to request the certificate from the Cert Server, which installs it on their machine. Once they have done that, this certificate can be used in the dialog mentioned above.
This all works well.
The problem arises because I want a user on a computer that is not part of our domain (let's call it ROAMING) to have access to this web page, using a certificate.
First of all, I have exported the root key of the Certificate Server, and imported it into ROAMING using Internet Explorer. This prevents queries when I browse to the web site using SSL.
However, I cannot authenticate this client using Certificate Services. I appreciate I will have to use an explicit mapping to an AD user object, but my problem is more fundamental than that: how do I create a certificate for this client in the first place? Without the certificate, I can do no mapping.
I have tried exporting an existing AD user object's certificate and importing it to the client, but the client treats that as somebody else's certificate, and when I browse to SECURE it doesn't get displayed.
Any help would be appreciated.