You need a cert with the Client auth EKU. You're not getting that with a cert generated with selfssl, I'm guessing. You generally use this feature with smartcards or other 2 factor devices. The logon mapping happens based on the UPN in the cert and an AD lookup.

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132

-----Original Message-----
From: Tigran K [mailto:tigr...@gmail.com]
Sent: Thursday, September 17, 2009 3:26 PM
To: NT System Admin Issues
Subject: How do I enable mutual SSL in IIS7 with a self-signed certificate?

I've created a self-signed certificate in IIS7. Then I exported this certificate to a .pfx and then installed it on the client machine's IE browser. Then I set "Require Client Certificate" on the server's IIS configuration. When I try to visit the site with IE, a dialog box comes up for me to choose a certificate, however, there are no certs in that dialog box. When I click "OK" without choosing any certs, I get a 403 forbidden error. How can I make this work?

Appreciate the help in advance.
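
A way to check the point made in the reply, as an added example that is not part of the original thread: this PowerShell lists the certificates in the current user's Personal store with their EKU status and any UPN they carry. The function name `Get-ClientAuthStatus` is hypothetical, and the script assumes the imported .pfx landed in `Cert:\CurrentUser\My`.

```powershell
# Added example (not from the thread): report, for each certificate in the
# current user's Personal store, whether it carries the Client Authentication
# EKU and which UPN (if any) it carries for the AD logon mapping.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth

function Get-ClientAuthStatus {        # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # Locate the Enhanced Key Usage extension, if the certificate has one.
    $ekuExt = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        Select-Object -First 1

    $ekuOids = @()
    if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Classify the certificate; order matters (private key first, then EKU).
    if (-not $Certificate.HasPrivateKey) {
        $status = 'No private key: cannot authenticate with it'
    } elseif (-not $ekuExt) {
        $status = 'No EKU extension: usage not restricted by EKU'
    } elseif ($ekuOids -contains $ClientAuthOid) {
        $status = 'Client Authentication EKU present'
    } elseif ($ekuOids -contains $ServerAuthOid) {
        $status = 'Server Authentication only'
    } else {
        $status = 'EKU present, Client Authentication missing'
    }

    # UPN from the Subject Alternative Name; empty string when absent.
    $upn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName, $false)

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        SelfSigned = ($Certificate.Subject -eq $Certificate.Issuer)
        Upn        = $upn
        Status     = $status
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Get-ClientAuthStatus -Certificate $_ } |
    Format-Table -AutoSize -Wrap
```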