Using Client Certificate Authentication with IIS 6.0 Web Sites

by Tom Shinder
Sept. 1, 2017

What methods do you use to control access to your secure Web sites? Do you require authentication? If so, what type of authentication? Are the users’ credentials passed in clear text? Do you secure data moving between the Web site and the client, or can anyone with a network sniffer read all the data moving between the Web client and the Web server? The definition of secure is a moving target. If you talk to the security wonks, they’ll tell you your configuration is not secure, and that you’ll have to spend an untold number of dollars and administrator hours to correct the security flaws in your network. Meanwhile, if you were to go to the security consultant’s home, you’d find he has glass windows and clear glass panes on his doors, which are easily breakable. Any run-of-the-mill burglar can make off with the stereo and laptop computer sitting on the desk inside.

We need to install the Root CA certificate in the Trusted Root Certification Authorities store on the Web server machine. This allows the Web server to trust the Web site certificate installed on the IIS Web site.
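The same step as a PowerShell script, added here as an example that is not part of the original article: it imports the Root CA certificate into the machine-wide Trusted Root store and then builds the certificate chain for the Web site certificate to confirm the Web server now trusts it. The export path C:\certs\RootCA.cer and the site-certificate thumbprint are placeholders to replace with your own values.

```powershell
# Added example (not from the article). Placeholders: the exported Root CA
# file path and the thumbprint of the Web site certificate in LocalMachine\My.
param(
    [string]$RootCaPath         = 'C:\certs\RootCA.cer',      # placeholder path
    [string]$SiteCertThumbprint = 'PLACEHOLDER_THUMBPRINT'    # placeholder value
)

Add-Type -AssemblyName System.Security   # X509 classes

# 1. Load the Root CA certificate from the exported .cer file and make sure it
#    really is a root (self-signed: Subject equals Issuer).
$rootCa = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($RootCaPath)
if ($rootCa.Subject -ne $rootCa.Issuer) {
    throw "The certificate at $RootCaPath is not self-signed; expected a Root CA certificate."
}

# 2. Put it in the Trusted Root Certification Authorities store of the machine
#    (LocalMachine\Root), which is the store IIS consults; skip if already there.
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$rootStore.Open('ReadWrite')
if (-not ($rootStore.Certificates | Where-Object { $_.Thumbprint -eq $rootCa.Thumbprint })) {
    $rootStore.Add($rootCa)
    Write-Host "Imported Root CA '$($rootCa.Subject)' into LocalMachine\Root."
}
$rootStore.Close()

# 3. Find the Web site certificate in the machine Personal store.
$myStore = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$myStore.Open('ReadOnly')
$siteCert = $myStore.Certificates | Where-Object { $_.Thumbprint -eq $SiteCertThumbprint }
$myStore.Close()
if (-not $siteCert) { throw "No certificate with thumbprint $SiteCertThumbprint in LocalMachine\My." }

# 4. Build the chain. With the Root CA trusted, Build() succeeds and the last
#    chain element is that root; otherwise the ChainStatus entries say why not.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust only; revocation checking is a separate concern
if ($chain.Build($siteCert)) {
    $last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    Write-Host "Site certificate chains to trusted root: $($last.Subject)"
} else {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation }
    throw 'Site certificate does not chain to a trusted root on this Web server.'
}
```

Run it in an elevated prompt on the Web server, since writing to LocalMachine\Root requires administrator rights.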