Here’s how I did this, on IIS 7.5: Run the following in an admin command prompt: netsh http show sslcert Save the output in a text file. Will look something like this: IP:port : 0.0.0.0:443 Certificate Hash : [a hash value] Application ID : {[a GUID]} Certificate Store Name : MY Verify Client Certificate Revocation … Read more
I have used this command to troubleshoot client certificate negotiation: openssl s_client -connect www.test.com:443 -prexit The output will probably contain “Acceptable client certificate CA names” and a list of CA certificates from the server, or possibly “No client certificate CA names sent”, if the server doesn’t always require client certificates.
Tracing helped me find what the problem was (Thank you Fabian for that suggestion). I found with further testing that I could get the client certificate to work on another server (Windows Server 2012). I was testing this on my development machine (Window 7) so I could debug this process. So by comparing the trace … Read more
Finally managed to solve all the issues, so I’ll answer my own question. These are the settings/files I’ve used to manage to get my particular problem(s) solved; The client’s keystore is a PKCS#12 format file containing The client’s public certificate (in this instance signed by a self-signed CA) The client’s private key To generate it … Read more