SSLAlwaysNegoClientCert

  • Article

The SSLAlwaysNegoClientCert property controls SSL client connection negotiations. If this property is set to true, any time SSL connections are negotiated, the server will immediately negotiate a client certificate, preventing an expensive renegotiation. Setting SSLAlwaysNegoClientCert also helps eliminate client certificate renegotiation deadlocks, which may occur when a client is blocked on sending a large request body when a renegotiation request is received.

Schema Attributes

Attribute Name

Value

ADSI/WMI Data Type

BOOL

ABO Data Type

DWORD_METADATA

Schema Default

FALSE

Internal Default

Not specified.

Upper Bound

1

Lower Bound

Not specified

Internal ID

5521

Friendly ID

MD_SSL_ALWAYS_NEGO_CLIENT_CERT

Property Attributes

INHERIT

User Type

IIS_MD_UT_SERVER

Configurable Locations

You can configure this property at the following locations in the IIS metabase.

Metabase Path

IIS Admin Object Type

/LM/W3SVC

IIsWebService

/LM/W3SVC/n

IIsWebServer

Flags

There are no flags for this property.

Requirements

Server: Requires or Windows Server 2003.

Product: IIS

See Also

Concepts

Comparison of IIS Administration Features

Using IIS Programmatic Administration

CertCheckMode

RevocationFreshnessTime

RevocationURLRetrievalTimeout

SSLCertHash

SslCtlIdentifier

SslCtlStoreName

SSLStoreName

SslUseDsMapper

Request.ClientCertificate Collection