I'm trying to set up two-way authentication on a web app running on IIS7. The clients are going to mostly be mobile devices and in the first instance I'm trying to get a demo running using a 3rd generation iPad. I thought I'd start with getting it running on my workstation (which is also running IIS) first and then copy the working certificate over to the iPad.
However I've hit a wall.
I've got as far as having the site running securely over https and have installed a self-signed server certificate, however I can't seem to figure out how to generate a client certificate which I can install on the iPad. As I'm working on a local workstation running Windows 7 I can't use the usual http://machinename/CertSvr to do this.
So I'm wondering if there is a way of getting makecert to generate test client certificates or whether I can change the usage flag in the server certificate to make it suitable for use on the client. Or perhaps there is some tool which the last day of Googling has not yet discovered?
Update:
I found this guide and followed it to the letter. It all seemed to work, no errors, and I ended up with two pfx files, one for the server and one for the client (I generated these using pvk2pfx and kept the original .pvk and .cer files just in case).
I installed the server certificate under Certificates (Local Computer) > Trusted Root Certification Authority and installed the client certificate under Certificates (Current User) > Personal. I have also imported the server certificate (the CA one) into IIS. It all works fine when IIS is configured to accept or ignore client certificates. However once it is set to 'Require' I'm getting a 403.7 when requesting the site. I've also tried importing the client certificate to the certificates store in IE/Chrome but again no dice.
Is there something obvious I'm doing wrong?
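
An added example, not part of the original post: a PowerShell check of the properties that generally decide whether a certificate in Certificates (Current User) > Personal is usable for TLS client authentication (private key present, Client Authentication usage allowed, issuer present in the machine's trusted roots, chain builds). The function name Test-ClientCertCandidate is hypothetical, and the check assumes the browser and IIS run on the same workstation, as described in the post.

```powershell
# Added example: inspect client-certificate candidates in CurrentUser\My.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication enhanced key usage

function Test-ClientCertCandidate {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # A certificate with no EKU extension is unrestricted; otherwise the
    # extension has to list Client Authentication.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOk = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $clientAuthOid)

    # The issuing (CA) certificate should be in the machine's trusted roots.
    $issuerInRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -eq $Cert.Issuer }).Count -gt 0

    # Build the chain without revocation checking.
    # Assumption: a makecert test CA publishes no CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey   # a .cer import alone has no key
        ClientAuthEku = $ekuOk
        IssuerInRoot  = $issuerInRoot
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        ChainBuilds   = $chainOk
        ChainErrors   = $chainErrors
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-ClientCertCandidate $_ } |
    Select-Object Subject, Issuer, HasPrivateKey, ClientAuthEku,
                  IssuerInRoot, InValidity, ChainBuilds, ChainErrors |
    Format-List
```

Any row showing False for HasPrivateKey, ClientAuthEku, IssuerInRoot or ChainBuilds points at the step of the certificate setup to revisit.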