Microsoft KB Archive/216829

= How to Write a Client Authentication Certificate to a File in IIS 4.0 =

Article ID: 216829

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q216829



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SUMMARY
Sometimes it may be useful to store a public key certificate for future use. The following ASP code takes the client authentication certificate provided by the client and writes it to a file called c:\Cert.txt.

For this to work, you must first configure a virtual directory to use SSL and require a client authentication certificate. You can analyze the certificate using the CERTUTIL tool that ships with the Windows NT Option Pack. For more information on how to do this, please see the following article in the Microsoft Knowledge Base:

216830 IIS: How to View the Contents of a Certificate

The following is the ASP code needed for this to work:

<% @Language = VBScript %> <% Response.Buffer = True %>   <%    'Instantiate the ASP FileSystemObject in order 'to create a text file Set fs = Server.CreateObject("Scripting.FileSystemObject")

'Create text file using append mode Set outStream = fs.OpenTextFile( "C:\cert.txt", 8, True )

'Save certificate issuer information to text file outStream.WriteLine( "# Issuer: " & Request.ClientCertificate("Issuer") )

'Extract certificate subject (user) and account information 'from certificate su = Request.ClientCertificate( "Subject" ) mx = len(su) for x = 1 to mx           if mid(su,x,1)=chr(10) or mid(su,x,1)=chr(13) then su=left(su,x-1)+";"+right(su,mx-x) end if        next outStream.WriteLine( "# Subject: " & su ) outStream.WriteLine( "# Account: " & Request.ServerVariables("REMOTE_USER") )

'Extract encrypted certificate text from certificate; encode text as 64-bit data uue = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

outStream.WriteLine( "-BEGIN CERTIFICATE-" ) cer = Request.ClientCertificate( "Certificate" ) lcer = len(cer) l = 0

for x = 1 to lcer step 3 a1 = asc(mid(cer,x,1)) if x+1 <= lcer then a2 = asc(mid(cer,x+1,1)) if x+2 <=lcer then a3 = asc(mid(cer,x+2,1)) else a3 = 0 end if           else a2 = 0 a3 = 0 end if           outStream.Write mid(uue, (a1 and 252)/4 +1 ,1) outStream.Write mid(uue, (a1 and 3)*16 + (a2 and 240)/16 +1 ,1) if x+1 <= lcer then outStream.Write mid(uue, (a2 and 15)*4 + (a3 and 192)/64 +1 ,1) if x+2 <= lcer then outStream.Write mid(uue, (a3 and 63) +1 ,1) else outStream.Write "=" end if           else outStream.Write "==" end if           l = l +4 if l = 64 then outStream.WriteLine("") l = 0 end if        next if l > 0 then outStream.WriteLine( "" ) end if        outStream.WriteLine( "-END CERTIFICATE-" ) Response.Write "Client certificate information has been received and logged successfully " %> 

Keywords: kbhowto KB216829

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.