A colleague and I had a hard time getting our IIS servers to accept client-side certificates. It turns out the problem was that we had installed the SSI-TEST-CA certificate in the trusted root of our own user accounts, not in the machine trusted root. He had an even more difficult time of it since SSL on his server became completely disabled for reasons unknown. He and I spent most of the day trying to troubleshoot it, with no result. The problems were:
- At first, client-side certificates would not be recognized.
- Later, server-side certificates started failing.
- Finally, HTTPS failed completely.
This degradation occurred as he was uninstalling and re-installing certificates. We tried:
- blowing all the certificates away and re-installing them
- uninstalling IIS and re-installing it
- hacking at IIS's metabase.bin file using metaedit
- restoring the system to an earlier restore point (this one worked, but when we tried to reconfigure IIS for SSL, it quickly degraded again).
We are stumped.
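
One way to check for the store misplacement described at the top of this post, as an added example that is not part of the original post: the PowerShell script below compares the current user's Trusted Root store with the machine's and reports CA certificates that the machine store lacks. Matching on the certificate Subject and the `Get-RootStoreMatch` helper name are assumptions made for this example; `SSI-TEST-CA` is the CA name from the post.

```powershell
# Added example (not from the original post).
# Reports root CA certificates visible in the current user's Trusted Root
# store but missing from the machine's Trusted Root store. IIS runs as a
# service, so a CA trusted only under a user account is not trusted by it.
param(
    # CA name from the post; matching it against Subject is an assumption.
    [string]$CaName = 'SSI-TEST-CA'
)

# Hypothetical helper: certificates in <StoreLocation>\Root whose Subject
# contains the given name.
function Get-RootStoreMatch {
    param([string]$StoreLocation, [string]$Name)
    Get-ChildItem -Path "Cert:\$StoreLocation\Root" |
        Where-Object { $_.Subject -like "*$Name*" }
}

$userCerts    = @(Get-RootStoreMatch -StoreLocation 'CurrentUser'  -Name $CaName)
$machineCerts = @(Get-RootStoreMatch -StoreLocation 'LocalMachine' -Name $CaName)

# The CurrentUser view can also list machine-wide roots, so compare by
# thumbprint instead of checking only whether each store has a match.
$machineThumbs = @($machineCerts | ForEach-Object { $_.Thumbprint })

$userOnly = @($userCerts | Where-Object { $machineThumbs -notcontains $_.Thumbprint })

if ($machineCerts.Count -eq 0 -and $userCerts.Count -eq 0) {
    Write-Output "No certificate matching '$CaName' in either Trusted Root store."
}
elseif ($userOnly.Count -eq 0) {
    Write-Output "'$CaName' is present in LocalMachine\Root:"
    $machineCerts | Select-Object Subject, Thumbprint, NotAfter
}
else {
    Write-Output "'$CaName' is trusted for this user only (missing from LocalMachine\Root):"
    $userOnly | Select-Object Subject, Thumbprint, NotAfter
}
```

The script only reads the stores; run it under the account that installed the CA certificate, since the CurrentUser store differs per account.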