Mapping Client Certificates Many-to-One
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
Many-to-one mapping uses wildcard matching rules that verify whether a client certificate contains specific information, such as the issuer or subject. This mapping does not compare the actual client certificate; instead, it accepts every client certificate that meets the specified criteria. If a client gets another certificate containing all of the same user information, the existing mapping continues to work.
When using many-to-one mapping, keep the following information in mind:
Specific client certificate mappings always take precedence over wildcard mappings.
Some client certificates offer more identifying information and may contain additional custom subfields. For information about certificate formats, contact your certification authority.
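The matching and precedence behaviour described above, as an added Python model that is not IIS code. It assumes rules of the form (certificate field, subfield, criteria) that must all match, `*` as the only wildcard, and specific mappings keyed by a certificate fingerprint; every name, account and certificate is constructed. The last wildcard mapping shows how a `*` criterion accepts any subject organization from the issuer.

```python
import re

# Constructed data. Specific mapping: exact certificate (by fingerprint) -> account.
ONE_TO_ONE = {"AA11": r"CONTOSO\alice"}

# Many-to-one: every rule (field, subfield, wildcard criteria) must match.
MANY_TO_ONE = [
    {"account": r"CONTOSO\sales-shared",
     "rules": [("issuer", "O", "Example CA*"), ("subject", "OU", "Sales")]},
    {"account": r"CONTOSO\partner-ro",
     "rules": [("issuer", "O", "Example CA*"), ("subject", "O", "*")]},
]

def parse_dn(dn):
    """Split 'CN=a, OU=b' into {subfield: [values]} (assumes no escaped commas)."""
    fields = {}
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        fields.setdefault(key.strip().upper(), []).append(value.strip())
    return fields

def wildcard_match(pattern, value):
    """Case-sensitive match where '*' is the only wildcard (an assumption)."""
    regex = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def resolve(cert):
    """Return the mapped account for a certificate, or None if nothing matches."""
    # Specific mappings take precedence over wildcard mappings.
    if cert["fingerprint"] in ONE_TO_ONE:
        return ONE_TO_ONE[cert["fingerprint"]]
    dn = {f: parse_dn(cert[f]) for f in ("issuer", "subject")}
    for mapping in MANY_TO_ONE:
        if all(any(wildcard_match(crit, v) for v in dn[field].get(sub, []))
               for field, sub, crit in mapping["rules"]):
            return mapping["account"]
    return None

def make_cert(fingerprint, subject, issuer="O=Example CA 1, C=US"):
    return {"fingerprint": fingerprint, "issuer": issuer, "subject": subject}

ALICE = make_cert("AA11", "CN=Alice, OU=Sales, O=Contoso")
ALICE_RENEWED = make_cert("AA22", "CN=Alice, OU=Sales, O=Contoso")  # new cert, same info
BOB = make_cert("BB11", "CN=Bob, OU=Sales, O=Contoso")
BOB_RENEWED = make_cert("BB22", "CN=Bob, OU=Sales, O=Contoso")  # new cert, same info
PARTNER = make_cert("CC11", "CN=Pat, O=Fabrikam")
OTHER_CA = make_cert("DD11", "CN=Bob, OU=Sales, O=Contoso", issuer="O=Other CA")
```

In this model, a renewed certificate for a user with a specific mapping no longer matches that mapping and falls through to the wildcard rules, so the account it maps to can change on renewal.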
This section includes the following information:
Adding a Client Certificate Mapping Using Wildcard Rules: Describes how to use wildcard rules to map more than one client certificate to a Windows user account.
Editing Existing Wildcard Rules for Client Certificate Mapping: Describes how to edit existing wildcard rules.