Client Certificate Storage

Client Certificates that are sent with AspTear are taken from the CertStore that is also used by Internet Explorer. This store is encrypted and only accessible by the NT user that is either currently logged in or the NT user that is set as package identity in Microsoft Transaction Server.

 

Note: It is strongly recommended that when you use client certificates in a Web server environment that you create a distinct user account for the Web site in question (assign it in ISM to the anonymous account) instead of putting ACL's (access control list) on the directory that contains the ASP's to connect to the remote server. Running AspTear in Transaction Server can cause weird SSL behavior (requests timing out) and is not supported in this release.

 

To view the certificates that are installed for a user, perform the following steps:

 

  1. Log in locally with this account (certificates are local to the computer and are not part of the profile)
  2. Start Internet Explorer
  3. Run Internet Options from the Tools menu
  4. In the Internet Options dialog box, switch to the Content tab
  5. To view all installed certificates, click on the Certificates button. Certificate Manager opens. See the Figure below for a sample.

 

Because Internet Explorer is used to store the certificates, this also implicates that you must use Internet Explorer to install new client certificates. This is done via the sign up pages at the Certificate Authorities (CA's) by simply clicking on the download link for the certificate.