Skip to main content

How do I support Microsoft IIS?

Question: How do I configure my TrustCore SDK build flags so that SSL authentication works correctly with Microsoft IIS (Internet Information Services)?

Answer: Microsoft IIS allows administrators to protect websites, directories, or individual files with client certificates. Because of this flexibility, IIS does not ask a client for its certificate unless the client is accessing a protected resource. (IIS does not know what resource the client will request until after the SSL session has been established.)

If a client requests a protected resource, IIS initiates a re-handshake, which includes a certificate request.

To enable mutual authentication and re-handshake support, define the following build flags:



In the code, add the client certificate and its key to the TrustCore SDK certificate store that was passed as an argument when the connection was initialized (via an SSL_*_acceptConnection or SSL_*_connect call).