Hello all
I am having a little trouble understanding the process of setting up a SSL Development site. I've started to put the pieces together. I have gotten as far as using selfssl.exe to issue a self-signed sertificate to a custom port number. The common name of the certificate is the full computer name of my web (IIS 6.0) server. The site does not have a registered domain name through a registrar, and I just use the exact ip address and port number in the address bar on my laptop to test run the site. Yup! All is fine and well :-)
I am having trouble getting the laptop running XP Pro and IE8 to trust the website. I know it is in part because the certificate name does not match the website address. Ok, in the Secure Communications Dialog Box the checkbox for "Require secure channel (SSL)" is checked. Underneath, is the "Require 128-bit encryption". First Question: Should I check that one, too?
Next, we have: ignore client certificates, accept client certificates, require client certificates. Previously is was set to "ignore". I went and set it to "require" and just as I expected, the: ... "The page requires a client certificate" page shows up. Now, I think that this is exactly what I want to do because it means that the only way somone can view the page, is for them to either find a way to steal a client certificate (highly unlikely) or get me to issue one to them. Second Question: Is that correct?
So, the next sequence went like this: 1. set "require" back to "ignore" 2. Refreshed the page on my laptop 3. added the site to the "Trusted Sites" via tools, internet options, security, trusted sites 4. clicked "Certificate Error", clicked view certificate, and installed the certificate via "Place all certificates in the following store" and navigated to "Trusted Root Certification Authorities" store. ... clicked: OK, Next, Accepted the risk presented to me in the warning about the certificate name and the website name. yada... yada...
So, I figured that since the certificate was installed, I could go back and set "ignore client certificates" back to "require client certificates". ... and that is what I did. However, when I refreshed the page on my laptop again, I still get the: "The page requires a client certificate"
Will someone please help me install the client certificate properly? ... I think that I want to use the "require client certificates" setting. And I would like my laptop to trust the web page, as to avoid the "Continue to this website anyway", not to mention the red address bar and the certifiate error.
Thanks in advance! :-)
Student