In IIS a server variable called "CERT_COOKIE" is available to be read. The description of this is: "The CERT_COOKIE server variable is a unique identifier for a client certificate."
Not much info is available on how it is calculated by IIS. The closest I found was: " It's generated by creating a hash of the provider name and the binary serial number in the cert"
From what I can see IIS6 CERT_COOKIE length is 32, while in IIS7.x it is 64. I have also inferred that IIS6 uses MD5 for hashing and IIS7 could be using SHA256 (purely by looking at the CERT_COOKIE length). Is this true? Also would anyone know how exactly is CERT_COOKIE calculated? We need to pass CERT_COOKIE from IIS7 to IIS6 so need to compute it rather than reading the server variable.
Thanks
Dhananjay