I have a web service that my customers connect to that requires self-signed client certificates to identify the user. It works for all of my customers except one. When I load their certificate into the Trusted Root Certification Authorities (machine store), IIS still does not trust it. This is not a problem for my other customers.
I have 15 customers and only one has this issue. All of the other customers' certificates are trusted without issue. I can verify the certificate in question is not being passed in the CRT using OpenSSL. Negotiate Client Certificates is enabled (using netsh http add sslcert).
I have tried iisreset, getting the customer to create another certificate and setting the purpose on the certificate in the Trusted Root to Client Authentication. Is there anything else I might be missing? Is there a way to "refresh" the CRT IIS is sending out without having to create a custom CRT? I have a feeling it may be the tool they are using to create the certificate but I want to rule out as many possibilities as I can on my end.
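A server-side check for the situation described above, added here as an example and not part of the original post. It assumes the customer's certificate has been exported to the placeholder path `C:\certs\customer.cer` and is run in an elevated PowerShell on the IIS host; it reports the things Schannel actually looks at (issuer name, presence in the machine Root store, client-auth usage, chain build) so a certificate problem can be separated from a store or advertised-CA-list problem.

```powershell
# Diagnostic for a self-signed client cert that IIS will not accept (added example).
# $CertPath is a placeholder; point it at the exported customer certificate.
param([string]$CertPath = 'C:\certs\customer.cer')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# 1. For a self-signed cert, Subject and Issuer must be identical. Schannel only
#    offers the cert if its issuer DN matches a name advertised from the Root store.
"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Self-signed : $($cert.Subject -eq $cert.Issuer)"

# 2. Is this exact certificate (by thumbprint) in LocalMachine\Root?
$inRoot = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
"In LocalMachine\Root : $([bool]$inRoot)"

# 3. Enhanced Key Usage: either no EKU (any purpose) or Client Authentication
#    (1.3.6.1.5.5.7.3.2). A cert restricted to other purposes will be rejected.
$ekuExt = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($ekuExt) {
    "EKU : " + (($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName }) -join ', ')
} else {
    "EKU : none present (valid for any purpose)"
}

# 4. Build the chain with client authentication as the required application policy,
#    which mirrors what Schannel checks when the client presents the certificate.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # self-signed certs have no CRL/OCSP
$chain.ChainPolicy.ApplicationPolicy.Add(
    (New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.2')) | Out-Null
$built = $chain.Build($cert)
"Chain builds : $built"
foreach ($s in $chain.ChainStatus) { "  $($s.Status): $($s.StatusInformation.Trim())" }

# 5. Size of the Root store. Schannel derives the CA names it advertises in the
#    CertificateRequest from this store; a very large store can cause that list to
#    be truncated, so an issuer that is present here may still never be advertised.
$rootCount = (Get-ChildItem Cert:\LocalMachine\Root).Count
"Certificates in LocalMachine\Root : $rootCount"
```

If steps 1 to 4 all pass but the issuer still does not appear in the list OpenSSL shows, the problem is on the advertised-CA-list side rather than with the certificate itself.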