Map Client Certificates One-to-One (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

When you want each Windows user account to map to a single client certificate, use one-to-one IIS certificate mapping. This mapping provides added protection for your server because the certificate sent by the client must be identical to the copy of the client certificate stored on the server. Before you can map client certificates, you must enable Secure Sockets Layer (SSL) for your site.

Important
If you use IIS one-to-one certificate mapping, you cannot use Active Directory certificate mapping.

For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Server Certificates Feature Requirements (IIS 7).

Exceptions to Feature Requirements

  • None

Levels

  • Site

Modules

  • iisClientCertificateMappingModule

Required Permissions

  • Server administrator

  • IIS Manager user

You can perform this procedure by editing configuration files directly, or by writing WMI scripts.

The procedure in this topic affects the following configuration elements:

<oneToOneMappings> element under <iisClientCertificateMappingAuthentication>

For more information about IIS 7 configuration, see IIS 7.0: IIS Settings Schema on MSDN.
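
The following applicationHost.config fragment illustrates the configuration element named above. It is an added example, not part of the original topic; the site name, account name, password, and certificate value are placeholders.

```xml
<!-- Added example: applicationHost.config fragment.
     Site name, account, password and certificate value are placeholders. -->
<location path="Default Web Site">
  <system.webServer>
    <security>
      <!-- SSL must be enabled for the site; here a client certificate
           is also required on every request. -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <iisClientCertificateMappingAuthentication
            enabled="true"
            oneToOneCertificateMappingsEnabled="true"
            manyToOneCertificateMappingsEnabled="false">
          <oneToOneMappings>
            <!-- One entry per Windows account. The certificate sent by the
                 client must be identical to the copy stored here. -->
            <add enabled="true"
                 userName="PLACEHOLDER_DOMAIN\placeholder_user"
                 password="PLACEHOLDER_PASSWORD"
                 certificate="PLACEHOLDER_BASE64_CERTIFICATE" />
          </oneToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
  </system.webServer>
</location>
```

The certificate attribute holds the Base64-encoded client certificate as a single line, without the BEGIN CERTIFICATE and END CERTIFICATE lines. Because the mapping carries account credentials, restrict who can read and edit the configuration file.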

Use the following WMI classes, methods, or properties to perform this procedure:

  • OneToOneCertificateMappingElement class

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.
