Certificate Trust Lists in IIS7

This sounds weird, but you cannot use the IIS 7.0 user interface to create a Certificate Trust List (CTL). Follow these steps to create a CTL with IIS 7.0.

  1. Use MakeCTL.exe to create the CTL. For more information on MakeCTL.exe, see the MakeCTL page on the MSDN site.

    The MakeCTL.exe tool is part of the .NET Framework SDK Version 1.1. Once you install the SDK, MakeCTL.exe appears in the following location:

    \Program Files\Microsoft.NET\SDK\v1.1\Bin

  2. After you create the CTL, you must run AdsUtil.vbs to assign the CTL identifier to the name used in MakeCTL.exe.

    adsutil.vbs set w3svc/1/SslCtlIdentifier

    where is the friendly name for the CTL used in MakeCTL.exe.

  3. Run AdsUtil.vbs to set the SslCtlStoreName.

    adsutil.vbs set w3svc/1/SslCtlStoreName CA

  4. After you have run AdsUtil.vbs, stop Web services by using the following command:

    net stop HTTP /y

  5. Restart the W3SVC service by using the following command:

    net start W3SVC


You have to install this hot fix from Microsoft

KB981506 - it resolves this problem.

Sorry, I didn't see the KB referenced in the answers until I posted this