SMP Console is prompting for a certificate

book

Article ID: 223540

calendar_today

Updated On:

Products

Client Management Suite

Issue/Introduction

When accessing the SMP Console we are getting a prompt to select a certificate.  If the prompt is canceled, the normal NTLM logon prompt appears.  This happens each time we start a new session. It lists whatever “client authentication” certificates are present on the machine, in the current user’s Personal > Certificates folder.

This happens on Firefox, Chrome, IE, etc., for all users.

Cause

Negotiate Client Certificate is Enabled in netsh

Environment

8.x

Resolution

“netsh http show sslcert” on the NS produced:

IP:port                      : 0.0.0.0:443
Negotiate Client Certificate : Enabled

IP:port                      : 0.0.0.0:4726
Negotiate Client Certificate : Enabled

If that shows as Enabled, run these commands to remove the bindings in IIS:

netsh http delete sslcert ipport=0.0.0.0:443
netsh http delete sslcert ipport=0.0.0.0:4726

Go into IIS Manager and re-bind 443 and 4726 to * (any IP) with the appropriate Certificate.

Then run “netsh http show sslcert” again and validate that Negotiate Client Certificate is now Disabled:

IP:port                      : 0.0.0.0:443
Negotiate Client Certificate : Disabled

IP:port                      : 0.0.0.0:4726
Negotiate Client Certificate : Disabled

Additional Information

Additional details may be found here:

https://serverfault.com/questions/129441/iis-requesting-certificates-even-though-set-to-ignore

https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate