xiaohudong wrote:
>
> Hello,
> Ahha,so many answers,thanks everyone.
> Now the problem seens more clear:the acceptable CA list send by IIS is empty.
> But I still don't know why this happens.My plateform is Win2000 Professional
> +IIS5.0,I think I have setup everything.I think that the CTL controls which CA is
> acceptable,and I do import the CA certificate into it.
> I do as Hemson's instruction,there is a line I think indicate the problem:
> No client certificate CA names sent.
>
Ah I should've explained a little more clearly. You need the -prexit
option *and* you need to type in a page request manually, for example
GET /some/page/needing/authentication/page.html
or
GET /some/page/needing/authentication/page.html HTTP/1.0
<CR>
that is a blank line. This is because IIS is probably only requesting a
certificate after the page has been requested. The bit it then sends
should include the CA list.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
