PKI client certificates Issue

[lightningtechie2011]

Hello, We use client certificate authentication. Client certs are issued by an intermediate CA. When visiting the client cert secured website, the only certs offerred by the browser are those which are issued from a root CA. The intermediate CA cert is installed on the web server. If we install the intermediate cert on the client, the browser then offers the client cert. Is this correct behavior and if so why??, as I was expecting the client to offer the client cert issued by the intermediate CA as the web server has both root and intermeidate certs installed Many thanks

 

[kmcferrin]

Your message is a bit confusing...long story short, your clients have to trust your CAs. If you have an enterprise root CA then AD should take care of this for you. If you don't have an enterprise CA then you would need to do something to install the CAs cert in the trusted certificate store on your client machine. Is that what you're talking about?

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator