IIS FTPS with client authentication and OneToOneMappings

Richard L 1 Reputation point

I'm trying to implement an FTPS service on Windows 10 (I know... I know...), with client certificate authentication and authorization (if possible).

Environment:

  • Windows 10 LTSC 2019 (1809)
  • IIS (version 10 normally)
  • Self Signed Certificate (CA will be available later)
  • PC-A > Will host FTPS service
  • PC-B > Will generate certificates and execute FTP client

Certificate setup:

  • On PC-A, root certificate creation (RootCert), then import RootCert public key on PC-B
  • On PC-A, generate server auth certificate (ServCert) with RootCert as Signer, then import private key to PC-B
  • On PC-A, generate client auth certificate (ClientCert) with RootCert as Signer.

IIS setup:
(At this moment, I don't have hands on my lab)

  • FTP site configured with anonymous (read/write permission) auth >> Working
  • Configure FTPS by requiring SSL >> Working
  • Require client authentication >> Working
  • Map client authentication for authorization based on mapped user >> Not Working

OneToOneMapping is mapping ClientCert signature to local user ftpwrite.

I removed NTFS permissions on my FTP folder (only leaving System and Administrators permissions), giving specific permission to the ftpwrite account.

I can connect and have a write permission. But I cannot modify, create or delete content.

For me, OneToOneMapping is here to connect a client certificate to an account. That will allow managing authorization.

Am I missing something, or misinterpreting the functionality? Is there a specific log to know if the mapping is successful?



1 answer

  1. Limitless Technology 39,351 Reputation points

    Hi there,

    Maybe it's time to re-check the steps you have performed by following the below articles and see if that makes any change.

    Configuring One-to-One Client Certificate Mappings

    Configuring Many-to-One client certificate mappings for IIS 7.0 and 7.5


    --If the reply is helpful, please Upvote and Accept it as an answer--
