
Adding a CA Certificate to a Certificate Trust List (CTL) in IIS 5.1 on Windows XP Professional
IIS Certificate Trust Lists (CTLs) are used to restrict the set of acceptable client certificates on a per-web-site basis. When a CTL is configured, clients are authenticated if they provide a certificate issued by one of the CAs identified by the CTL. Authorization is controlled through certificate mapping.
- Open the Microsoft Management Console for IIS if it is not already open.
- Select the Web site where you wish to install a Server Certificate and right-click to open its ‘Properties’. In this example we have selected the ‘Default Web Site’.

- When the Web site ‘Properties’ tab pane opens, select the ‘Directory Security’ tab and then click ‘Edit…’.

- When the ‘Secure Communications’ dialog box opens, select ‘Enable certificate trust list’ and click on ‘New…’.

- When the ‘Certificate Trust List Wizard’ opens, select ‘Next >’.

- Since this is a new CTL, it will not contain any CA certificates (note that an existing CTL could have been edited in step 4 above, and the following procedures work for editing as well). Thus, the ‘Certificates in the CTL’ pane will be empty. Select ‘Add from Store’.

- The ‘Select Certificate’ dialog box will open. Select one or more root certificates and click ‘OK’.

- The ‘Certificates in the CTL’ pane will now be populated with the certificate(s) you selected. Click ‘Next >’.

- When the ‘Name and Description’ pane opens, enter a name and description. Click ‘Next >’ when done.

- The ‘Completing the Certificate Trust List Wizard’ pane will open. Review the summary information and select ‘Finish’ when done.

- Select ‘OK’ when the ‘Certificate Trust List Wizard’ status dialog appears.

- Select ‘OK’ in the ‘Secure Communications’ dialog box.

- Select ‘Apply’ in the Web Site ‘Properties’ dialog box. The new CTL is now enabled.
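
The issuer check that a CTL enforces can be reproduced offline with OpenSSL, which helps predict which client certificates the site will accept once the CTL is enabled. This is an added example, not part of the original page and not IIS's own mechanism: `openssl verify` stands in for the server's check, and the names CA-A, CA-B, alice and bob are constructed for the demo.

```shell
#!/bin/sh
# Added example: models the CTL issuer check with OpenSSL; it does not touch IIS.
# CA-A, CA-B, alice and bob are constructed names for the demo.
WORK=$(mktemp -d)

# make_ca <name>: create a self-signed root CA (key + certificate) in $WORK.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client <ca> <user>: issue a client certificate for <user> signed by <ca>.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# ctl_accepts <trust-list.pem> <user>: succeed only if the user's certificate
# chains to one of the CA certificates in the list (the role the CTL plays).
ctl_accepts() {
  openssl verify -CAfile "$1" "$WORK/$2.pem" >/dev/null 2>&1
}

# Demo: the list holds only CA-A, so alice passes and bob is refused.
make_ca CA-A && make_ca CA-B
issue_client CA-A alice && issue_client CA-B bob
for user in alice bob; do
  if ctl_accepts "$WORK/CA-A.pem" "$user"; then
    echo "$user: accepted"
  else
    echo "$user: rejected (issuer not in trust list)"
  fi
done
```

Passing this check corresponds only to authentication; what an accepted client may access is still decided by certificate mapping.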

Dartmouth College PKI Lab
Last update: 26 February 2003