Exporting a Client Certificate for One-to-One Mapping

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Some client certificates need to be exported for use in IIS one-to-one mapping. For more information about whether you must export client certificates, contact your certification authority.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures

To export a client certificate for one-to-one mapping

  1. On the Tools menu in Internet Explorer, version 5.0 or later, click Internet Options, and then click the Content tab.

  2. On the Content tab, click Certificates, and then click the Personal tab.

  3. On the Personal tab, in the list of certificates, click the certificate that you want to export, and then click Export.

  4. In the Certificate Export Wizard, click Next.

  5. On the next page in the wizard, click No, do not include any private keys in the export, and then click Next.

  6. On the next page in the wizard, click Base64 Encoded X.509 (*.CER), and then click Next.

    Note

    The client certificate mapping programs for both IIS 6.0 and Windows Active Directory Services accept certificates formatted as either binary or Base-64 encoded files.

  7. Follow the remaining steps in the Certificate Export Wizard to complete the procedure.

  8. Map the exported certificate one-to-one with a Windows user account. For information about mapping a certificate one-to-one with a Windows user account, see Mapping a Specific Client Certificate to a User Account.