I'm having a problem with what looks to be a regression in Windows 8.1 in the handling of SSL/TLS negotiated client certificates with HTTP.SYS. This fails on Windows 8.1 but works with Windows 7. Perhaps I'm doing something wrong. Hoping to find someone with expertise in this area.
As part of TLS/SSL client certificate Smart Card authentication support with Microsoft HTTP.SYS, our server-side software sends a Certificate Request (with HTTP.SYS) to the client with a trusted issuer CA list. This allows the client to match appropriate user X.509 certificates from a Smart Card to send a trusted one to the server.
In my environment with Windows 7, this CA list sent to the client has about 11 DN entries which I think is basically the contents of the Local Computer Certificates "Trusted Root Certification Authorities". With Windows 8.1 the list is empty.
What do I need to do to get the Windows 8.1 HTTP.SYS to include the CA list of issuers in the SSL/TLS Certificate Request to the client?
I first thought that it may be because our software had set up the HTTP.SYS sslcert info incorrectly on Windows 8.1, but running "netsh http show sslcert" shows the same info as on Windows 7, so this should result in correct SSL/TLS cert negotiation info with a CA list.
SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:443
Certificate Hash : 880d0cbe18fe2481d31df01ebb09546e8295fb6d
Application ID : {235f69ad-73fb-4dbd-8203-07291739439b}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Enabled
Negotiate Client Certificate : Enabled
The Certificate Store Name of null should get the OS to use the normal "Trusted Root Certification Authorities" (at least that's what it does on Windows 7).
Any suggestions about what needs to be done differently with Windows 8.1 would be greatly appreciated.
Mark
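
To compare on the wire what the post describes (a populated CA list from Windows 7, an empty one from Windows 8.1), the CertificateRequest handshake message can be parsed and its certificate_authorities entries counted. This is an added example, not part of the original post; it assumes the handshake message bytes were already extracted from a capture, and `SAMPLE_DN` and `build_sample` are constructed test inputs.

```python
# Added example, not from the original post. Field layout follows the TLS
# CertificateRequest message (RFC 5246 section 7.4.4 for TLS 1.2; TLS 1.0/1.1
# use the same layout without the signature-algorithm field).

# Constructed sample: DER-encoded Name "CN=Test CA" (not a real issuer).
SAMPLE_DN = bytes.fromhex("3012311030" "0e0603550403" "0c07") + b"Test CA"


def parse_certificate_request(msg: bytes, tls12: bool) -> dict:
    """Parse one handshake message (4-byte header included) of type 13."""
    if len(msg) < 4 or msg[0] != 13:
        raise ValueError("not a CertificateRequest handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match data")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated field")
        pos += n
        return body[pos - n:pos]

    cert_types = list(take(take(1)[0]))
    sig_algs = []
    if tls12:  # supported_signature_algorithms: (hash, signature) byte pairs
        raw = take(int.from_bytes(take(2), "big"))
        sig_algs = [(raw[i], raw[i + 1]) for i in range(0, len(raw) - 1, 2)]
    ca_block = take(int.from_bytes(take(2), "big"))  # certificate_authorities
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_authorities")
    issuers, i = [], 0
    while i < len(ca_block):  # each entry: 2-byte length + DER DistinguishedName
        n = int.from_bytes(ca_block[i:i + 2], "big")
        if i + 2 + n > len(ca_block):
            raise ValueError("truncated DistinguishedName entry")
        issuers.append(ca_block[i + 2:i + 2 + n])
        i += 2 + n
    return {"cert_types": cert_types, "sig_algs": sig_algs, "issuers": issuers}


def build_sample(issuers: list, tls12: bool) -> bytes:
    """Build a constructed CertificateRequest for exercising the parser."""
    ca = b"".join(len(d).to_bytes(2, "big") + d for d in issuers)
    body = bytes([2, 1, 64])  # two types: rsa_sign(1), ecdsa_sign(64)
    if tls12:
        body += bytes([0, 2, 4, 1])  # one pair: sha256(4), rsa(1)
    body += len(ca).to_bytes(2, "big") + ca
    return bytes([13]) + len(body).to_bytes(3, "big") + body
```

An `issuers` list of length 0 corresponds to the empty CA list reported for Windows 8.1; each returned entry is a raw DER name that can be handed to an X.509 library for display.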