Share via

Just a quick post on IIS7 cert mapping setup

  • Article

Install the role service under IIS

clip_image002

At the Server level - enable DS mapping under authentication:

image

Create the web site.

Enable it for HTTPS ( bindings )

clip_image006

Set the site to require certs under: clip_image008

clip_image010

Enable the site :

C:\Windows\SysWOW64\inetsrv>appcmd unlock config /section:clientCertificateMappingAuthentication
Unlocked section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
at configuration path "MACHINE/WEBROOT/APPHOST".

C:\Windows\SysWOW64\inetsrv>appcmd set config "CertAuthWebSite" -section:clientCertificateMappingAuthentication /enabled:true
Applied configuration changes to section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
for "MACHINE/WEBROOT/APPHOST/CertAuthWebSite" at configuration commit path "MACHINE/WEBROOT/APPHOST/CertAuthWebSite"

Do a reset for good measure ( at least I do )

C:\Windows\SysWOW64\inetsrv>iisreset /noforce
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

Comments

  • Anonymous
    August 06, 2013
    How do I do this in powershell? Should this work? Set-WebConfiguration -Location "$websiteName/Citrix/$webApplicationName" -Filter  "system.webServer/security/authentication/clientCertificateMappingAuthentication" -Value "True"