Client Certificate Mapping Uses Multiple Organization Units (197461)
The information in this article applies to:
- Microsoft Internet Information Server 4.0
This article was previously published under Q197461 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMS
When you attempt to use a Client Certificate with multiple subject
Organization Unit (OU) fields, Internet Information Server (IIS) may not
read the certificate as expected.
CAUSE
IIS does not read more than the first field of Subject OUs for some non-
Certificate Server certificate formats.
For example, if the Subject OU line contains multiple entries delimited by
semicolons, IIS will not recognize any entries beyond the first semicolon.
In the following example, Internet Information Server would detect My
Company, but not Level 1 or Level 2:
My Company; Level 1; Level 2
RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack
STATUS
Microsoft has confirmed this to be a problem in Internet Information
Server version 4.0.
This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.
| Modification Type: | Minor | Last Reviewed: | 9/22/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbfix KB197461 |
|---|
|