We have this working. We created a virtual directory on the http server
pointing to a bogus dir on that same server, and told IIS to require client
certs for that virt dir. The requests get properly forwarded to the apps
server's corresponding dir, and client certs are required. I'm not sure why
my previous attempts weren't successful. Either because I was using real
dirs instead of virt dirs, or because it was 2 levels down in the site,
rather than immediately off the root. But we have what we need.

- Peter

> -----Original Message-----
> From: Buck, Peter M
> Sent: Sunday, September 15, 2002 1:12 PM
> To: 'resin-interest@xxx.com'
> Subject: Client Certs in IIS for a subsite, distributed environment
>
>
> I want a site that requires ssl, with
>
> /mysite/ssl requiring ssl only
> /mysite/certs requiring ssl AND client certs.
>
> That is, I want to be able to surf to https://myserver/mysite/ssl without a
> cert, but not to be able to get to https://myserver/mysite/certs unless I
> have a client cert installed.
>
> I can configure IIS to require client certs for the entire site. That's
> easy enough.
>
> Assuming a site root at C:\inetpub\mysite, on the HTTP server, I created
> C:\inetpub\mysite\certs
> (which of course is not really where the site is--that's on the apps server
> where the srun statement in resin.conf points). In IIS Manager, I required
> client certs for
> C:\inetpub\mysite\certs.
> However, I can still surf to https://myserver/mysite/certs without a cert.
>
> As I understand it, srun.dll reconfigures the URI so that when I try to
> access https://myserver/mysite/certs, what IIS actually sees is
> https://myserver/scripts/srun.dll/mysite/certs. So I created
> C:\inetpub\scripts\mysite\certs
> and told IIS Manager to require client certs for THAT directory. Still no
> go.
>
> Has anyone been successful with an IIS site where certs are required but
> only for part of the site?
>
> As always seems to be the case, my need is urgent.
>
> Thanks,
> Peter Buck
>
Received on Mon 16 Sep 2002 12:13:43 -0700