How to Secure a Web Site Using Client Certificate Authentication
Select Computer Account and click Next. Select Local Computer and click Finish. Click Close and then OK. To create the chain of trust, we need to add the self-signed certificate to the Trusted Root Certification Authorities store. To do this, right-click the Certificates folder and click All Tasks, Import, which will invoke the Certificate Import Wizard.
Click Next and then browse to the location of the certificate you wish to import. Click Next and then click Next again to accept the default certificate store. Then click Finish to complete the import. You can now install the self-signed client certificate into the user’s personal certificate store: the chain of trust is complete, so the certificate will be trusted.
On the client machine where the certificate is to be used, log on as the user who will be using the certificate and open Internet Explorer. Click Tools, Internet Options and click the Content tab.
Click Certificates and, on the Personal tab, click Import to invoke the Certificate Import Wizard. Browse to the location of the .PFX file containing the client certificate and click Open, then Next. Enter the relevant password details and check the Mark this key as exportable tick-box. Do not check the Enable strong private key protection tick-box.
Click Next and accept the default certificate store and then click Next and then Finish to complete the certificate import. You should now see the certificate in the user’s personal certificate store.
# Note - You need to ensure that the user’s certificate store on the client machine contains the private key of the client certificate. If it doesn’t, you won’t be able to establish a successful handshake and the connection will fail. If you highlight the certificate and click View, you should see that the certificate has a private key. Refer to KB article 907274 if you don’t understand this.
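The same imports and the private-key check from the note can be scripted with the Windows PKI cmdlets. This is an added example, not part of the original article; the file paths and function names are hypothetical placeholders.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# File paths and function names are hypothetical; substitute your own.

function Import-TrustedRoot {
    # Run elevated: writes to the Local Computer Trusted Root store.
    param([string]$Path = 'C:\certs\SelfSignedRoot.cer')
    Import-Certificate -FilePath $Path -CertStoreLocation Cert:\LocalMachine\Root
}

function Import-ClientCertificate {
    # Run while logged on as the user who will present the certificate.
    param([string]$Path = 'C:\certs\ClientCert.pfx')
    $password = Read-Host -Prompt 'PFX password' -AsSecureString
    # -Exportable mirrors the "Mark this key as exportable" tick-box.
    Import-PfxCertificate -FilePath $Path -CertStoreLocation Cert:\CurrentUser\My `
        -Password $password -Exportable
}

function Test-ClientCertificate {
    # Reports whether the private key is present and the chain builds to a trusted root.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: the self-signed root publishes no CRL, so revocation is not checked.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        HasPrivateKey = $Certificate.HasPrivateKey   # must be True for the handshake
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Usage (each call in the context noted above):
#   Import-TrustedRoot
#   $cert = Import-ClientCertificate
#   Test-ClientCertificate -Certificate $cert
```

If HasPrivateKey is False, the file imported was a certificate without its key rather than the .PFX; if ChainTrusted is False, ChainStatus names the reason, typically an untrusted root when the first import was skipped.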