I’ve succesfully signed and installed certificates on both sides. CA root certificates, server certificate and client certificate. Client is MSIE 6 on WinXP Pro. Server is IIS 5 on Win2K.

The problem is that the client gets a 403.7 response “Client certificate required”. I read this as “Your client certificates are no good in here”. Client doesn’t even display a list of certificates to choose from. Client does establish an htpps connection to a no-client-certificate-required page on the same platform, and the server certificate looks good on the client side.

IE reports 3 Personal certificates, 1 is my own OpenSSL issued and the other 2 are “official” certificates I use for paying taxes, issued by the local Chamber of Commerce, wich I had to pay for. I just connected to the tax web using same client and the official certificates are recognized.

Obviously, my own OpenSSL CA isn’t trusted by default by either machine. I had to install root certificates on both. The same happens with the Chamber’s ones.

Why not upgrade? The upgrade of the Win2K server is planned on mid-2007, I can’t spare any other Win2003 machine. I opted for OpenSSL as the CA platform because I don’t want a bulkier product and MS own certsrv under Win2K is sort of sad.