Troubleshouting authentication with certificates

Hello everyone,

i’m trying to activate the authentication with certificates in Domino 9.0. i followed the habitual steps to do so: creating the .kyr & .sth files using sertsrv.nsf, then activating ssl and authentication by certificate in the server document (port==>internet port tab ). but every time, i have a different result: sometime it works fine, sometime it doesn’t. is there a method that allows me to monitor and troubleshoot the authentication per certificate, so i can find my errors? and other than the .kyr and the server document, is there any other parameters that could affect the authentication procedure?

PS: i’m using PKI (windows CA) as a certificate authority.

Thanks

Subject: re:troubleshouting authentication with certificates

after investigation, it seems that the notes.ini entry “httpenableconnectorheaders=1” was the cause of our issue. But we also use IIS as a frontend web server - that’s why we used the mentionned notes.ini entry - and now, we have problems when connecting through IIS.

any idea?

Subject: relevant debug

heres some additional debug may help you
webauth_verbose_trace=1 // auth debug very verbose as name implies
Debug_SSL_Domino=1 // will expose name we see in the ssl client cert
Debug_SSL_All=1 // general ssl debug