anoop
Thu Feb 22 11:19:18 CST 2007
Hello,
I have the following SSL log:
System time: Thu, 22 Feb 2007 17:09:28 GMT
Connecting to 10.16.1.1:443
Connected
Handshake: 78 bytes sent
Handshake: 557 bytes received
Handshake: 182 bytes sent
Handshake: 43 bytes received
Handshake succeeded
Verifying server certificate, it might take a while...
Server certificate name: 10.16.1.1
Server certificate subject: CN=10.16.1.1
Server certificate issuer: CN=10.16.1.1
Server certificate validity: From 2/22/2007 9:37:41 PM To 11/17/2009 9:37:41 PM
HTTPS request:
GET / HTTP/1.0
User-Agent: SSLDiag
Accept:*/*
HTTPS: 72 bytes of encrypted data sent
HTTPS: 25 bytes of encrypted data received
HTTPS: Server requested another handshake sequence
Handshake: 86 bytes sent
Handshake: 896 bytes received
Handshake: incomplete credentials, trying again
Handshake: 221 bytes sent
Handshake: 4482 bytes received
4423 bytes of app data was bundled with handshake data
Status:
HTTP/1.1 403 Access Forbidden
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.1
Date: Thu, 22 Feb 2007 17:09:28 GMT
Content-Length: 4237
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page requires a client certificate</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g,
'<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page
requires a client certificate</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2"><font
style="COLOR:000000; FONT: 8pt/11pt verdana">The page you are trying to
view requires the use of a client certificate.</id></font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button to try again, if you have installed your client
certificate.</li>
<li>If you believe you should be able to view this directory or page, please
contact the Web site administrator by using the e-mail address or phone
number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) &&
(window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.7 - Forbidden:
Client certificate required<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error occurs when the resource you are attempting to access requires
your browser to have a Secure Sockets Layer (SSL) client certificate that the
server recognizes.</p>
<p>
<li>More information:<br>
<a
href="
http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.7&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3="
target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
HTTPS: server disconnected
Final handshake: 23 bytes sent successfully
Now please help me: how do I solve this problem with client certificates?
Thank you
"anoop" wrote:
>
> Hello,
> It should be
>
> I wanted to know if the following properties of Client Certificates
> to be matched with the Server Certificate?
>
> 1. Issuer
> 2. Issued
> 3. Thumbprint
> 4 Validity
>
> 1. if Private key in the Server Certificate should be associated with the
> Client Certificate also?
> 2. If Server Certificate has only single purpose of "Server Authentication"
> as displayed in its properties, can it be exported to .pfx/p7b format file to
> be used as a Client Certificate. Please Help
>
> Thanks in Advance
>
> Thank you
>
> "anoop" wrote:
>
> > Hello,
> > I wanted to know if the following properties of Server Certificates
> > to be matched with the Server Certificate?
> >
> > 1. Issuer
> > 2. Issued
> > 3. Thumbprint
> > 4 Validity
> >
> > 1. if Private key in the Server Certificate should be associated with the
> > Client Certificate also?
> > 2. If Server Certificate has only single purpose of "Server Authentication"
> > as displayed in its properties, can it be exported to .pfx/p7b format file to
> > be used as a Client Certificate. Please Help
> >
> > Thanks in Advance
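
An added example, not part of the original post: a small Python parser for an SSLDiag-style log like the one above. It flags the sequence that ends in IIS 403.7 (initial handshake succeeds, the server asks for a second handshake, the client reports "incomplete credentials", and the response body carries substatus 403.7). The function name `diagnose`, the result keys and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample: the key lines of the SSLDiag log posted above, shortened.
SAMPLE_LOG = """\
Handshake succeeded
Server certificate subject: CN=10.16.1.1
Server certificate issuer: CN=10.16.1.1
HTTPS: Server requested another handshake sequence
Handshake: incomplete credentials, trying again
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.1
<h2>HTTP 403.7 - Forbidden:
Client certificate required<br>
"""

def diagnose(log: str) -> dict:
    """Summarise what an SSLDiag-style log says about client-certificate auth."""
    def field(name):
        m = re.search(rf"^Server certificate {name}:\s*(.+)$", log, re.M)
        return m.group(1).strip() if m else None

    subject, issuer = field("subject"), field("issuer")
    # Status line of the HTTP response (the request line starts with GET, not HTTP/).
    status = re.search(r"^HTTP/1\.[01] (\d{3})", log, re.M)
    # IIS substatus as printed in the error page body, e.g. "HTTP 403.7".
    substatus = re.search(r"\bHTTP (\d{3}\.\d+)\b", log)
    result = {
        "initial_handshake_ok": "Handshake succeeded" in log,
        # Subject equal to issuer means the server certificate is self-issued.
        "server_cert_self_issued": subject is not None and subject == issuer,
        # The server renegotiates to ask for a client certificate.
        "renegotiation_requested": "Server requested another handshake" in log,
        # Interpretation (assumption about SSLDiag's wording): the client had
        # no certificate it could offer in answer to the server's request.
        "no_usable_client_cert": "incomplete credentials" in log,
        "http_status": int(status.group(1)) if status else None,
        "iis_substatus": substatus.group(1) if substatus else None,
    }
    result["client_cert_required_but_missing"] = (
        result["renegotiation_requested"]
        and result["no_usable_client_cert"]
        and result["iis_substatus"] == "403.7"
    )
    return result

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```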