Enabling Client Certificates

Applies To: Windows Server 2003, Windows Server 2003 with SP1

You can require users attempting to access your Web site to log on with a client certificate. Requiring a client certificate, however, does not reliably protect your content from unauthorized access. Any user with a valid and trusted client certificate can establish a connection and access your resource. To protect your Web content from unauthorized access you must do one of the following:

• Use Basic, Digest, or Integrated Windows authentication, in addition to requiring a client certificate.

• Create a Windows account mapping for client certificates. For more information, see Mapping Client Certificates to User Accounts in IIS 6.0.

When you attempt to set properties for a specific Web site, your Web server prompts you for permission to reset the properties of individual directories and files in the Web site. If you choose to reset these properties, your previous settings are replaced by the new settings. This is also true when you are setting properties for a directory containing subdirectories or files with previously set security properties.