IIS 6.0: Computer must trust all certification authorities trusted by individual sites
- Add a certificate snap-in for the local computer:
- Click Start, click Run, type mmc, and then click OK.
- On the File menu, click Add/Remove Snap-in, and then click Add.
- Under Snap-in, double-click Certificates, select Computer account, and then click Next.
- Select Local computer, click Finish, and then click Close.
- Click OK to exit the wizard.
- Export the certificate from the local computer Personal Certificate store:
- In the snap-in for the local computer, double-click Certificates (local computer), double-click Personal, and then double-click Certificates.
- Right-click the root certification authority certificate for the certification authority that issues the client certificates, click All Tasks, and then click Export to open the Certificate Export wizard.
- Click Next, select a format for the export, specify the directory where you want to store the exported certificate, click Next, and then click Finish.
Note The DER Encoded Binary X.509 format and the Base64 Encoded X.509 format are used for interoperability if the certification authority is not a Microsoft Windows 2000-based server.If you do not know the certification authority type, use one of these formats.
- Import the certificate to the local computer Trusted Root Certification Authorities certificate store:
- In the snap-in for the local computer, double-click Trusted Root Certification Authorities, double-click Certificates, right-click All Tasks, and then click Import to start the Certificate Import wizard.
- Click Next, specify the exported certificate that you created in step 2, and then click Open.
- Click Next. Verify that Place all certificates in the following store is selected and that Certificate Store lists Trusted Root Certification Authorities.
- Click Next, and then click Finish.
- Open the Internet Information Services management console, right-click the Web site that is experiencing the error, and then click Property.
- Click the Directory Security tab.
- Under Secure communications, click Edit.
- If the Enable certificate trust list check box is selected and the Current CTL field is populated, you can do the following tasks:
- Click to clear the Enable certificate trust list check box. This will enable IIS to use all certificates in the server certificate store.
- Click Edit, and follow the prompts in the Certificate Trust List Wizard to add the appropriate server certificate.
Note Edit is only available when the CTL is populated with one or more certificates from the server certificate store.
- Click OK when you are prompted.
- Test a page that requires a client certificate.
Artikelnummer: 332077 – Letzte Überarbeitung: 12/03/2007 21:26:22 – Revision: 3.6
- kbpending kbprb KB332077