Configuring a List of Trusted Certification Authorities
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can configure computers running a member of the Windows Server 2003 family with IIS 6.0 to accept certificates from a predefined list of certification authorities (CAs), known as a certificate trust list (CTL). You can then automatically verify client certificates against your CTL. CTLs are especially useful for Internet Service Providers (ISPs) that have several Web sites on one server and need a different list of approved certification authorities for authenticating clients at each site.
Each of your Web sites can be configured to accept certificates from a different list by using different certificate trust lists (CTLs). For example, an intranet administrator creates a different list of trusted certification authorities (CAs) for each department's Web site on an intranet, in the form of a CTL. As a result, IIS only accepts certificates from certification authorities that are on the department's CTL. When members of the department log on with a client certificate from a CA on the department's CTL, they are automatically authenticated.
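
Because CTLs are assigned per Web site, it helps to check which sites on a server actually have one bound. The following PowerShell script is an added example, not part of the original article. It assumes PowerShell 2.0, a local administrator session, the IIS ADSI provider (`IIS://`), and the IIS 6.0 metabase properties `SslCtlIdentifier`, `SslCtlStoreName`, and `AccessSSLFlags`, none of which this page names.

```powershell
# Added example: report the CTL bound to each IIS 6.0 Web site.
# Assumptions: run locally as an administrator; the IIS ADSI provider
# (IIS://) is installed; SSL flags are read at each site's Root node.

$NegotiateCert = 0x20   # AccessSSLNegotiateCert: client certificates accepted
$RequireCert   = 0x40   # AccessSSLRequireCert: client certificates required

function Get-MetabaseValue($entry, [string]$name) {
    # Returns $null when the property is not set on the node or cannot be read.
    try { $entry.psbase.Properties[$name].Value } catch { $null }
}

$w3svc = [ADSI]'IIS://localhost/W3SVC'

$report = foreach ($site in $w3svc.psbase.Children) {
    # W3SVC also holds non-site nodes (filters, application pools); skip them.
    if ($site.psbase.SchemaClassName -ne 'IIsWebServer') { continue }

    $id    = $site.psbase.Name
    $root  = [ADSI]"IIS://localhost/W3SVC/$id/Root"
    $flags = [int](Get-MetabaseValue $root 'AccessSSLFlags')
    $ctl   = Get-MetabaseValue $site 'SslCtlIdentifier'
    $store = Get-MetabaseValue $site 'SslCtlStoreName'

    $clientCerts = 'Ignored'
    if ($flags -band $NegotiateCert) { $clientCerts = 'Accepted' }
    if ($flags -band $RequireCert)   { $clientCerts = 'Required' }

    New-Object PSObject -Property @{
        SiteId      = $id
        Name        = (Get-MetabaseValue $site 'ServerComment')
        ClientCerts = $clientCerts
        CtlId       = $ctl
        CtlStore    = $store
        # A site that takes client certificates but has no CTL is not
        # restricted to a site-specific list of CAs.
        NoCtl       = ($clientCerts -ne 'Ignored') -and (-not $ctl)
    }
}

$report | Sort-Object SiteId |
    Format-Table SiteId, Name, ClientCerts, CtlId, CtlStore, NoCtl -AutoSize
```

Sites where `NoCtl` is `True` take client certificates without a site-specific list of approved CAs and are the ones to review.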