in my behavior configuration for a WCF service I have a
section. Within that section I have a section:

storeName="My" x509FindType="FindBySubjectName" />


This service is hosted in IIS 7.

When I try to access that service I get a "Keyset does not exist" exception.
From what I can gather it means that the identity that the service is running
under cannot access the certificate store.

The solutions that I have found posted seem to work only for XP and Windows
2003, not Windows 2008.

What should I do?

Everyone,

I have a client that has a wildcard cert on a load balancer in front of a
server farm. One of the webs that is hosted on this farm uses Client Certs
for authentication. Unfortunately, the issue arises that the load balancer
(F5) decrypts SSL handing only port 80 to the back-end web servers. Under
this configuration, the client certs are never checked as the inbound traffic
is HTTP only. Now we can use the internal CAs to issue the server certs and
pass the HTTPS all the way to the IIS instance... but then this has the
problem of causing the unauthorized cert warning to be displayed.

Further, this is posing a particular issue when obtaining the user cert as
Vista clients will not accept a cert unless the decrypt is happening in IIS
and has no way of detecting that the connection is secure, but through the
load balancer.

I am looking for some kind of direction here of how to do this correctly
while still using the wildcard that is supporting the farm.

I'm running W2K3 R2 SP2 with IIS 6 (on a virtual private server).

I have a self-signed certificate. It is installed.

I have multiple web sites set up and running correctly. Only one site
(called mydomain.com here) requires SSL at this time. I can access
mydomain.com via HTTP but not via HTTPS. I get a timeout with no error
message and nothing appears in the IIS log for the failed HTTPS access
attempts.

I have run the following script:

cscript.exe adsutil.vbs set /w3svc/123586192/SecureBindings
":443:mydomain.com"

Here is the output from SSLDiag.exe:

System time: Fri, 18 Jul 2008 16:00:15 GMT
ModuleFileName: C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe version:
1.1:34.0
CommandLine: "C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe"
ProcessorArchitecture: x86
OS: Windows 2003 Service Pack 2
IIS6 - World Wide Web Publishing (W3SVC) service is installed

I am hosting multiple domains on my Win2k3/IIS 6 server using a single IP
address and host headers. For the past year I have had only one domain that
required an SSL certificate. Now I have two, and I learned the hard way that
I can't have 2 separate SSL certs on the same server with only 1 IP address.
Rather than use up one of my limited external IP addresses, I went to Godaddy
and purchased a multi-domain cert (not a wildcard cert) with one primary
domain and 2 secondardy names (SANs.) However, everything went downhill when
I tried to install the new cert. I exported and removed the original cert,
then installed the new cert on the new primary web site. I then installed
the existing cert on the other web site. At this point nothing worked. The
new primary site wouldn't start...

We are sometimes getting the following error when calling User.IsInRole:
The trust relationship between the primary domain and the trusted domain
failed.

If the user is in the group we are specifying, IsInRole returns true. If
they are not in the group we are specifying, IsInRole throws that error.

Has anyone seen this before, or now how we might be able to troubleshoot
this? Perhaps there is additional logging we can turn on for the lower level
security calls?

Hi, exist some form to encrypt all the urls with iis. ?

Im using asp.net, coldfusion in my site.

I am in process of creating SSL for OWA adn am stuck at the following:
The default web site, view cert, and it is there.
I do not see the certreq.txt at the root of the server.
The created server cert is installed.
http://server/certsrv

So how do I make a cert request without the text file?
Thank you.

Hi All,

We have a requirement to connect a few pcs and windows mobile devices across
the internet to an internal webserver. We would like to have SSL connections
and the additional security of client certificates.

We have a CA server (which is also an Exchange server to create certificates
for Outlook Web/Mobile access). And have set up the webserver, enabled SSL
with a server cert from the CA, but now want to enable client certificates
for the internal webserver, so we can distribute to all of the clients.

Can I just make one client cert that I put on all of the clients (if so how
exactly?), or do I have to connect each client to the CA's Certsrv to get the
client cert? (I don't want to do the client cert/user account mapping).

Any help/advice appreciated

Many thanks,

Al

Hi,

We have a private web on our intranet we use to authenticate users so
we can pre-populate form fields. We are in the process of upgrading
from 2000 to XP (hey, it's the government...), and it appears that XP
clients are throwing up an authentication dialog box for some reason.
However, if the user simply clicks the Cancel button, the dialog
button disappears and then can press back to access the requested
page, and any other page within the private web, for the duration of
their session.

Anyone have a clue what's going on and how we might suppress that
authentication dialog box from appearing?

Regards,

Chris

Hi Team, I need your help URGENTLY!
I have an IIS web server, want to config authentication on one directory.
one directory of radmin software.
radmin is a web based software , used to manage users
and save users in a MS SQL DB.
it has a kind of admin user, I can create one with limited right so that
this user can see only some tabs
but on IIS setting, I can only see windows integration authentication, no
SQL integrated authentication
so the users I created on windows can do authentication ,but cannot see the
correct pageI guess this user doesn't match the user created in radmin
software
DB is MS SQL 2005
I use SQL management studio and did't see anything related to IIS
any advice? my mail: uniholding@gmail.com