Hi guys
I've been going over the documentation and can't see what I'm doing wrong. Here's what I've got set up:
- We have an internal certificate server within our domain
- We have an IIS box outside our domain in the DMZ
- I've exported our CA cert from our internal server and installed to the trusted root CAs store on the IIS box
- I've requested and installed a client certificate from our certificate server to my workstation
- I've exported the client certificate as outlined in the documentation (i.e. didn't export the private key, used Base-64, removed the BEGIN and END certificate lines, put it onto 1 line)
- I've enabled iisClientCertificateMappingAuthentication on our IIS server. I've disabled manyToOneMappings and enabled oneToOneCertificateMappingsEnabled.
- I've pasted my client certificate into the certificate field, set enabled, set a username, and tried with and without a password.
- Anonymous Authentication, Basic Authentication, Windows Authentication, Forms Authentication, and ASP.NET authentication are all disabled for this site.
- Under SSL settings for the site, I've checked Require SSL and selected Require for Client certificates
I visit the site from my workstation (on the domain, not in the DMZ), am asked to select a certificate, select the one I exported previously, and then get a 401 - Unauthorized message.
The documentation I've read didn't describe my exact scenario (i.e. domain to DMZ authentication), but as the client browser is giving me an option to select a client cert, this tells me the list of trusted CAs between the 2 machines is configured properly.
I've tried looking through various logs but can't find anything to tell me where the problem is.
Any suggestions on tools I should be using to troubleshoot this or something else I may have missed?
Tks
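The setup described in the post, scripted as an added example (this is not code from the original post or from Microsoft's documentation). It uses the WebAdministration module on the IIS box to build the single-line Base-64 blob that oneToOneMappings expects directly from the exported .cer file, checks that the blob round-trips to the same certificate, writes the mapping and SSL settings into applicationHost.config for the site, and turns on Failed Request Tracing for 401 responses so the next failure leaves a trace. The site name, .cer path, account name and password are placeholders (assumptions) to be replaced with your own values.

```powershell
# Added example, not from the original post. Run on the IIS box, in an elevated PowerShell,
# after copying the exported client certificate (.cer, public part only) to it.
Import-Module WebAdministration

$SiteName = 'Default Web Site'            # assumption: the site being configured
$CerPath  = 'C:\certs\client.cer'         # assumption: exported client cert, no private key
$MapUser  = 'CertMappedUser'              # assumption: Windows account the cert maps to
$MapPass  = 'ReplaceWithStrongPassword'   # assumption: that account's password

# 1. Build the certificate blob. Convert.ToBase64String over the DER bytes gives exactly what
#    the manual procedure produces: Base-64, no -----BEGIN/END CERTIFICATE----- lines, one line,
#    no private key. X509Certificate2 reads both DER and Base-64 .cer files.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$blob = [Convert]::ToBase64String($cert.RawData)

# Sanity check: the blob must decode back to the certificate the browser will present.
$roundTrip = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ([Convert]::FromBase64String($blob))
if ($roundTrip.Thumbprint -ne $cert.Thumbprint) {
    throw 'Base-64 blob does not round-trip to the exported certificate'
}
Write-Host "Mapping certificate $($cert.Subject) (thumbprint $($cert.Thumbprint)) to $MapUser"

# 2. Site-level settings, committed to applicationHost.config (the section is locked at
#    server level by default, so it has to live in a <location> element there, as the UI does).
$authFilter = 'system.webServer/security/authentication/iisClientCertificateMappingAuthentication'
$common     = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = $SiteName }

Set-WebConfigurationProperty @common -Filter $authFilter -Name 'enabled' -Value $true
Set-WebConfigurationProperty @common -Filter $authFilter -Name 'oneToOneCertificateMappingsEnabled' -Value $true
Set-WebConfigurationProperty @common -Filter $authFilter -Name 'manyToOneCertificateMappingsEnabled' -Value $false

# Replace any stale mapping for this account, then add the new one. IIS encrypts the
# password attribute when it writes the file.
Remove-WebConfigurationProperty @common -Filter "$authFilter/oneToOneMappings" -Name '.' `
    -AtElement @{ userName = $MapUser } -ErrorAction SilentlyContinue
Add-WebConfigurationProperty @common -Filter "$authFilter/oneToOneMappings" -Name '.' -Value @{
    enabled     = 'true'
    userName    = $MapUser
    password    = $MapPass
    certificate = $blob
}

# Every other authentication scheme off for the site, as in the post.
foreach ($scheme in 'anonymousAuthentication', 'basicAuthentication', 'windowsAuthentication') {
    Set-WebConfigurationProperty @common -Filter "system.webServer/security/authentication/$scheme" -Name 'enabled' -Value $false
}

# Require SSL and require (not merely accept) a client certificate.
Set-WebConfigurationProperty @common -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl,SslRequireCert'

# 3. Failed Request Tracing for 401s: the resulting fr*.xml (by default under
#    %SystemDrive%\inetpub\logs\FailedReqLogFiles\W3SVC<siteid>) names the module that set the
#    status and the sub-status, which the plain W3C access log does not show.
Enable-WebRequestTracing -Name $SiteName -StatusCodes '401'
```

Two points worth checking against this script when the mapping still returns 401. First, the round-trip check only proves the blob is well-formed; it also has to be byte-for-byte the certificate the browser sends, so compare the thumbprint printed above with the one the browser shows in the certificate picker. Second, IIS logs on with the mapped userName and password as a Windows account, so on a DMZ box that is not in the domain the account has to be a local one on that box; a domain account it cannot validate fails the logon and produces exactly this 401.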