Hi!
Situation:
- We use third party smartcards for accessing IIS websites.
- Two way SSL is IIS requirement.
- In IIS server root and intermediate certificates are imported so IIS trusts our third party client certificates.
- In client computers full chain of client certificates is not available, so only user certificates are present in user personal store (inetrmediate and root certificates are not available on clients!).
- Certificate is not offered on client side for logging into website!, until:
- import root and intermediate certificates to client;
- Allow IIS to show all client certificates on client by configuring SendTrustedIssuerList registry value on IIS server.
Question: how is it possible to configure IIS to show all IIS trusted certificate on client side even the full certificate chain is not available on client?
Note. With other webservers there is no problem to allow client to list certificates with missing chain on client side.
Thanks,
UV