Just a quick post on IIS7 cert mapping setup

Install the role service under IIS


At the Server level - enable DS mapping under authentication:


Create the web site.

Enable it for HTTPS ( bindings )


Set the site to require certs under: clip_image008


Enable the site :

C:\Windows\SysWOW64\inetsrv>appcmd unlock config /section:clientCertificateMappingAuthentication
Unlocked section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
at configuration path "MACHINE/WEBROOT/APPHOST".

C:\Windows\SysWOW64\inetsrv>appcmd set config "CertAuthWebSite" -section:clientCertificateMappingAuthentication /enabled:true
Applied configuration changes to section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
for "MACHINE/WEBROOT/APPHOST/CertAuthWebSite" at configuration commit path "MACHINE/WEBROOT/APPHOST/CertAuthWebSite"

Do a reset for good measure ( at least I do )

C:\Windows\SysWOW64\inetsrv>iisreset /noforce
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted