Avoid this confusion around Client certificate mapping in IIS 6.0/7.0
I just wanted to add this quick post about client certificate mapping on IIS. This is focused on 1-to-1/Many-to-1 mapping in IIS 6.0/7.0.
If you are interested in knowing more about configuring client certificate mapping in IIS 6.0, please check this post of mine, and for IIS 7.0 this is an excellent article.
Recently a colleague of mine and I were working on this issue for one of our internal teams, and after some real slogging we figured out that one *cannot* set this mapping at any Virtual directory/Application level in IIS.
One has to set the Client certificate mapping at the specific Web site level only!
I couldn't find any documentation on this, so I thought of putting this up as a short post for a general audience in case someone is scratching their head over this.
Cheers!
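Following the finding above, here is an added example (not the author's code or a Microsoft tool) that scans an IIS 7.0 `applicationHost.config` for `iisClientCertificateMappingAuthentication` sections placed below the site level, where the post says the mapping cannot be set. The sample config, site name, application name and account names are constructed, and the script assumes the section is stored in `<location>` tags of `applicationHost.config`.

```python
import xml.etree.ElementTree as ET

TAG = "iisClientCertificateMappingAuthentication"

# Constructed sample shaped like an IIS 7.0 applicationHost.config; the site,
# application and account names are made up for this example.
SAMPLE_CONFIG = """<configuration>
  <location path="Default Web Site">
    <system.webServer><security><authentication>
      <iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true">
        <oneToOneMappings>
          <add enabled="true" userName="svc-orders" certificate="PLACEHOLDER" />
        </oneToOneMappings>
      </iisClientCertificateMappingAuthentication>
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/orders">
    <system.webServer><security><authentication>
      <iisClientCertificateMappingAuthentication enabled="true" manyToOneCertificateMappingsEnabled="true">
        <manyToOneMappings>
          <add name="partners" enabled="true" userName="svc-partners" />
        </manyToOneMappings>
      </iisClientCertificateMappingAuthentication>
    </authentication></security></system.webServer>
  </location>
</configuration>"""

def audit_mappings(config_xml):
    """Return one record per <location> that carries the mapping section."""
    records = []
    for loc in ET.fromstring(config_xml).iter("location"):
        node = next(loc.iter(TAG), None)
        if node is None:
            continue
        # "Site" is site level; "Site/app" is an application or virtual directory.
        path = loc.get("path", "").strip("/")
        level = "server" if not path else "below-site" if "/" in path else "site"
        records.append({
            "path": path,
            "level": level,
            "enabled": node.get("enabled", "false").lower() == "true",
            "mappings": len(node.findall("*/add")),  # 1-to-1 plus many-to-1 entries
        })
    return records

def below_site(records):
    """Paths where mapping is configured on an application or virtual directory."""
    return [r["path"] for r in records if r["level"] == "below-site"]
```

Any path returned by `below_site` is a candidate for moving its mappings up to the owning web site.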
Comments
Anonymous
December 09, 2013
Thank you! I spent a week trying to figure this out. I can't understand why the option is even present at the virtual directory or application level.
Anonymous
October 07, 2014
That's Microsoft for ya. You would think they could do a much better job with client certificate mapping. Why do I even have to associate an account with a mapping? All I want is for IIS to verify that the client cert is in the list!
Anonymous
November 20, 2014
The comment has been removed
Anonymous
October 26, 2016
Thanks a lot, this really helped me. However, so far, I have to configure this mapping at both web site AND application to make it work (but my application is already a "sub application" of an application of this web site).