
I followed the instructions at http://ondrej.wordpress.com/2010/01/24/iis-7-and-client-certificates/ to create a CA and client certificate. IIS was configured to accept client certificates. No client certificate mapping was used. I tested it last year with IE 10 and was able to parse the client certificate successfully. Recently I returned to the project and found out that the certificate is not present. Wireshark did not show the server requesting a client certificate, while last year I was able to see the certificate traffic between the server and the client. The code I am using is simple:

        if (Request.ClientCertificate.IsPresent)
        {
            Console.WriteLine("Client Certificate found!");
        }
        else
        {
            Console.WriteLine("No Client Certificate found!");
        }

Has anyone seen this problem, and if so, what was the solution? I perused almost all the StackOverflow posts regarding client certificates and IIS before posting the question, so please respond with a suggestion, not a link to posts I have already seen.

ASP.NET Request.ClientCertificate returning empty on IIS 7

.NET application fails to send client certificate - Win 7 vs Win XP?

rgeorg

1 Answer


I found the solution by scouring the System event log and found this suspicious entry:

36885 When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.

The solution here worked http://support.microsoft.com/kb/2801679

rgeorg
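
A read-only check for the condition described in the answer above, added here as an example and not part of the original post: it looks for event 36885 in the System log and estimates how many bytes the machine's trusted root store would contribute to the issuer list. It assumes the list is built from the `LocalMachine\Root` store and that each entry costs the DER-encoded subject name plus a 2-byte length; `Get-IssuerListEstimate` is a name made up for this example.

```powershell
# Added example: read-only diagnostic for Schannel event 36885.
# Run in an elevated PowerShell session on the IIS server.

# 1. Most recent occurrences of the event quoted in the answer.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Schannel'; Id = 36885
} -MaxEvents 5 -ErrorAction SilentlyContinue)

# 2. Estimate the issuer-list size for a certificate store.
#    Assumption: one entry per certificate, each being the DER-encoded
#    subject name preceded by a 2-byte length field.
function Get-IssuerListEstimate {
    param([Parameter(Mandatory)][string]$StorePath)
    $certs = @(Get-ChildItem -Path $StorePath)
    $bytes = 0
    foreach ($c in $certs) { $bytes += $c.SubjectName.RawData.Length + 2 }
    [pscustomobject]@{
        Store          = $StorePath
        Certificates   = $certs.Count
        EstimatedBytes = $bytes
        # Expired roots are obvious candidates for the review the event asks for.
        Expired        = @($certs | Where-Object { $_.NotAfter -lt (Get-Date) }).Count
    }
}
$estimate = Get-IssuerListEstimate -StorePath 'Cert:\LocalMachine\Root'

# 3. Schannel registry value that controls whether the list is sent at all.
#    It is absent unless an administrator has set it.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$send = (Get-ItemProperty -Path $key -Name SendTrustedIssuerList `
            -ErrorAction SilentlyContinue).SendTrustedIssuerList

# Report.
"Event 36885 occurrences found (max 5): $($events.Count)"
$events | Select-Object TimeCreated, Id, LevelDisplayName | Format-Table -AutoSize
$estimate | Format-List
"SendTrustedIssuerList: $(if ($null -eq $send) { 'not set (OS default applies)' } else { $send })"
```

The script changes nothing on the machine; which certificates to remove remains a manual decision, as the event text says.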