How to send "Certificate Request" in IIS

Question

I have a web site configured in IIS to Accept, but not require client certificates. When a request is made to our site, I do not see the "Certificate Request" in our after the "Server Hello" in WireShark.

I have even changed the IIS settings of the website to require client certs, but I don't see the certificate request in from the server in wireshark.

Dig the related RFC documents from IETF. – Lex Li Aug 18 '16 at 02:26 — Lex Li, Aug 18 '16 at 02:26

score 2 · Accepted Answer · edited May 23 '17 at 10:27

2

I had the same effect after setting up IIS (IIS Express 10.0 in my case) to require client certificates. The "Certificate Request" message from IIS started to appear in Wireshark only after I've configured client certificate negotiation during initial TLS handshake as described in this answer.

edited May 23 '17 at 10:27

Community

1
1

answered Nov 04 '16 at 08:04

Radek

123
10

score 1 · Answer 2 · answered Aug 18 '16 at 04:31

1

... but not require client certificates. ... I do not see the "Certificate Request" i

A Certificate Request is only send if the server requires a certificate for a client, i.e. when you configure the server to require client certificates. Because why should the server request a client certificate if the server does not need it at all?

answered Aug 18 '16 at 04:31

Steffen Ullrich

114,247
10
131
172

Even when I require ssl and require client certificates, the certificate Request is not sent. The same "Server Key Exchange" exchange is used. – Nick Aug 18 '16 at 15:11
@Nick: then something is configured wrong. If properly configured that client certificates are required then a CertificateRequest will be send. – Steffen Ullrich Aug 18 '16 at 15:55
@Nick: Somehow it is not configured that this site is needing a client certificate. I have no idea what you did and thus I cannot tell you what went wrong. – Steffen Ullrich Aug 18 '16 at 18:34

How to send "Certificate Request" in IIS

2 Answers2