Vsevolod (Guest)
Posted: Thu Sep 29, 2005 8:51 am
Post subject: IIS 6 behavior on checking clients' certificates (again 2)

Hello!
It's me again with the same question, or problem. I was forced to ask
you about the subject because my last post is still unanswered.
After numerous tests I determined that IIS 6 can't build the certificate chain
without the presence of intermediate certificates in the Intermediate Certificate
storage of the Local Computer where IIS 6 runs. It doesn't take these
certificates from the URL pointed to in the AIA extension of the client certificate. Though
it takes the Base and Delta CRL from the URLs pointed to in the CDP extension. BTW, IIS 6 can
omit checking the certificate revocation status if we set the CertCheckMode parameter
to a value not equal to 0.
In this case, if the resources that are pointed to in the CDP extension are unavailable,
we get the error: HTTP 403.13.
In the article "Troubleshooting Certificate Status and Revocation" I have
read
"To improve performance, the CryptoAPI will store subordinate CA
certificates in the Intermediate Certification Authorities store so that
future requests for the certificate can be satisfied from the store, rather
than accessing the certificate through a URL".
I have determined: IIS 6 doesn't work as written in the article, but
certutil does.
How can you explain this? Where am I mistaken?
Sorry again.
Best regards,
Vsevolod.