none
SSL Cerificate not prompting to choose in IE11. RRS feed

  • Question

  • Hi Guys,

    I've been struggling to know how the IE or windows system behaves while SSL used for webservice call. As far as I know its simple to install pfx or p12 file into personal truststore and then install the Root singer certificates in Trusted root authorities. Now the problem Im facing is that I have 3 personal (key(pfx)) files installed in the Personal store and while accessing the webserivce url with mutual authentication, IE11 use to prompt which certificate should you use and I had selected respective certificates. While troubleshooting the issue I have removed 2 of 3 and tested with no success. Now I imported the other 2 that I removed and surprisinggly its not prompting to choose certificates as it did earlier. So is there any option that tells IE to use any default pfx or should we remove all of them and export again in the order that we want ??

     

    Tuesday, July 28, 2015 3:42 AM

Answers

  • Hi

    Yes, “When the server requests a certificate, the user may be shown a prompt dialog asking which certificate they would like to send. URLACTION_CLIENT_CERT_PROMPT  controls the browser’s prompting behavior. By default, the URLAction is set to Enable in the Local Machine and Intranet zones, and Disable in the Internet, Trusted, and Restricted zones.”

    When set to Enable:

     

    If the user has no suitable client certificates, no prompt is shown, and no certificate is sent to the server

    If the user has only one suitable client certificate, no prompt is shown, and that certificate is sent to the server

    If the user has multiple suitable client certificates, the certificate selection prompt is shown

    When set to disable:

    If the user has one or more suitable client certificates, the certificate selection prompt is shown.

    There is an old article which descripting about Client Certificate selection prompt. Still worth to read since I think this behavior won’t change much.

    Client Certificate Selection Prompt

    http://blogs.msdn.com/b/ieinternals/archive/2009/09/03/client-certificate-selection-prompt.aspx

    Regards,

    D. Wu


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, July 31, 2015 5:40 AM
    Moderator