The information in this article applies to:
SYMPTOMSWhen you connect to a secure (HTTPS) Web site, you may be presented with a "Client Authentication" dialog box, prompting you to select a client certificate to use for authentication with the IIS computer. When you select a client certificate, you may be denied access and the following error message may occur:
CAUSE
This error can occur if you choose a client certificate created by a Certificate Authority (CA) that is not trusted by the IIS computer. WORKAROUNDIf you do not have a client certificate that was created by a CA trusted by the IIS computer, you can either request a new client certificate from a Certificate Authority that is trusted by the IIS computer or have an administrator configure the IIS computer to trust the CA that created your client certificate. For additional information on installing new Trusted Certificate Authorities on the IIS computer, click the article number below to view the article in the Microsoft Knowledge Base: Q216339 Using Secure Sockets Layer, Root Certifying Authority Certificates, and Iisca.exeIf you do have a client certificate that was created by a CA trusted by the IIS computer, then it is possible that your Windows 2000 domain has been configured with a group policy that forces the IIS computer to "Trust Only Enterprise Root Stores." If this policy is in enabled, the authentication will still fail, even if the CA is a Trusted Root Store. To work around this issue, remove the Group Policy Trust only Enterprise Root stores option for the domain. To do this, perform the following steps:
STATUSMicrosoft has confirmed this to be a problem in Microsoft Internet Information Services version 5.0. Additional query words: IIS 5
Keywords : kbWinOS2000 |
|
Last Reviewed: February 3, 2000 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |