我的头解决不了这问题，到处在寻求答案 要是谁有点思路，小弟定当感激不尽，下面是他的问题 The current task we are doing is two factors authentication, which is used to authenticate users against both their client certificates and their accounts . Now we configured a web server successfully, which requires clients certificates when users access it. And then try to make it working with SiteMinder( the SSO application). We need use SiteMinder to validate both of the users certificates and user accounts. But after we installed SiteMinder agent for the web server, the SiteMinder can not get the clients certificates from web server side. The information we got is that there are something in IIS preventing SiteMinder from getting the clients certificates. SiteMinder support said we need disable a option in IIS, named CDP checking. CDP means CRL Distribution Point, and CRL means Certificate Revocation List . Actually, we disabled the CRL checking of IIS by setting CertCheckMode to 1 in IIS. But it doesn't resolve this problem. All members in SSO team are not familiar with x509 certificate and advanced SSL configuration for IIS. So we want ask for helps from who are experienced in x509 certificate, SSL configuration for IIS, especially CRL and CDP. If anybody are familiar with SiteMinder x509 configuration, it will be perfect. --

※ 发信站: 批踢踢实业坊(ptt.cc) ◆ From: 60.177.98.248 ※ outdance:转录至看板 NetSecurity 01/12 22:03