How do I support Microsoft IIS?

Question: How do I configure my TrustCore SDK build flags so that SSL authentication works correctly with Microsoft IIS (Internet Information Services)?

Answer: Microsoft IIS allows administrators to protect websites, directories, or individual files with client certificates. Because of this flexibility, IIS does not ask a client for its certificate unless the client is accessing a protected resource. (IIS does not know what resource the client will request until after the SSL session has been established.)

If a client requests a protected resource, IIS initiates a re-handshake, which includes a certificate request.

To enable mutual authentication and re-handshake support, define the following build flags:

  • __ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__

  • __ENABLE_MOCANA_SSL_REHANDSHAKE__

In the code, add the client certificate and its key to the TrustCore SDK certificate store that was passed as an argument when the connection was initialized (via an SSL_*_acceptConnection or SSL_*_connect call).