SSL – getting HTTP Error 403.7 – Forbidden: SSL client certificate is required

iis, iis-6, ssl, ssl-certificate, windows-server-2003


Created a CA using: makecert -r -pe -n CN=WingCA -sr CurrentUser -a sha1 -sky signature -cy authority -sv WingCA.pvk WingCA.cer

Imported it to root: certmgr -add -all -c "WingCA.cer" -s -r LocalMachine Root

Created Server Cert: makecert -pe -n CN=WingServer -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic WingCA.cer -iv WingCA.pvk -sv WingServer.pvk WingServer.cer

Created Client Cert: makecert -pe -n CN=WingClient -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -ic WingCA.cer -iv WingCA.pvk -sv WingClient.pvk WingClient.cer

Exported the pfx:

pvk2pfx -pvk WingServer.pvk -spc WingServer.cer -pfx WingServer.pfx
pvk2pfx -pvk WingClient.pvk -spc WingClient.cer -pfx WingClient.pfx

At the server machine: installed WingCA.cer to Trusted Root, and WingServer.cer and WingClient.cer into the default location by double-clicking them; imported the pfx files to IIS; checked Require SSL; checked Require client certificate.

At the client machine: installed WingCA.cer to Trusted Root, and WingServer.cer and WingClient.cer into the default location by double-clicking them.

When trying to go to https://WingServer from IE, I get HTTP Error 403.7 - Forbidden: SSL client certificate is required. IE doesn't even ask me to select the client certificate that I want to present.

If I uncheck Require client certificate it works like a charm, but I want to have the client present the certificate as well.

Best Answer

It's not nearly as often that people use client certificates as SSL server encryption. The two are different from each other. If it is client certs that you do really want, here are a couple of good links that you may find helpful. The 2nd link walks through the configuration of certs to clients.
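
A client can only present a certificate whose private key it holds, and a .cer file carries no private key. The PowerShell check below is an added example, not part of the original question or answer: run on the client as the user who opens IE, it lists the certificates in that user's Personal store and flags which ones could be offered for client authentication. The issuer name and EKU OID are taken from the question's makecert commands; the function name is hypothetical.

```powershell
# Added diagnostic example (not from the original post).
# Assumptions from the question: issuer CN=WingCA, client-auth EKU 1.3.6.1.5.5.7.3.2.
$issuerCn      = 'CN=WingCA'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'
$x509          = 'System.Security.Cryptography.X509Certificates'

function Test-ClientAuthCandidate {   # hypothetical helper name
    param($Cert)

    # EKU extension: if it is absent, the certificate is not restricted by purpose.
    $eku = $Cert.Extensions | Where-Object { $_.GetType().FullName -eq "$x509.X509EnhancedKeyUsageExtension" }
    $ekuOk = (-not $eku) -or
             (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid }).Count -gt 0)

    # Build the chain without revocation checking: makecert test certificates
    # carry no CRL distribution point, so an online check would always fail.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Cert)

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey      # False when only the .cer was installed
        IssuedByCA    = ($Cert.Issuer -eq $issuerCn)
        ClientAuthEku = $ekuOk
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        ChainTrusted  = $trusted                 # False if the CA is not in a trusted root store
    }
}

# Personal store of the current user.
$results = @(Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { Test-ClientAuthCandidate $_ })
$results | Format-Table Subject, HasPrivateKey, IssuedByCA, ClientAuthEku, InValidity, ChainTrusted -AutoSize

$usable = @($results | Where-Object {
    $_.HasPrivateKey -and $_.IssuedByCA -and $_.ClientAuthEku -and $_.InValidity -and $_.ChainTrusted
})
if ($usable.Count -eq 0) {
    Write-Warning "No certificate in CurrentUser\My satisfies every check, so none qualifies as a client certificate for this CA."
} else {
    $usable | ForEach-Object { "Candidate: $($_.Subject) [$($_.Thumbprint)]" }
}
```

A row with HasPrivateKey = False means the certificate was installed without its key, for example from a .cer file rather than from the .pfx.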