How to Configure IIS Express to Accept SSL Client Certificates
Developing applications with SSL client certificates are a challenge because there are so many little things that can go wrong. You quickly want to open the debugger, but that can be a challenge in itself, especially when the whole chain only works on a remote server. A much simpler way is to use IIS Express with a configuration that accepts SSL client certificates. This setup allows you to debug your application on your local machine without the need to configure the full IIS – at least as long as the errors are in your application.
Visual Studio configures all the necessary things (like your server certificate and the settings) when you select the SSL option for the web host.
The whole configuration is inside the solution folder in the .vs\config\applicationhost.config configuration file which you best open in a text editor outside of Visual Studio.
Search for an xml element called <access> inside a <security> element:
The default configuration has no support for SSL client certificates. You need to modify the sslFlags attribute to include these options: Ssl, SslNegotiateCert, SslRequireCert
The next step is to find the element <iisClientCertificateMappingAuthentication>:
If you change enabled to true, IIS Express will start accepting client certificates:
You now need to restart Visual Studio and IIS Express. IIS Express can be restarted using the icon in your system tray.
From now on you will be asked for a client certificate and you can debug the whole application inside Visual Studio. This may not look like a big improvement, but trust me, it makes debugging much simpler.