Condividi tramite


Map Client Certificates Many-to-One (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

When you want to verify that a client certificate contains specific information, such as issuer or subject, use IIS many-to-one certificate mapping. This mapping method uses wildcard matching rules to accept all the client certificates that fulfill the specific mapping criteria you define. Before you can map client certificates, you must enable Secure Sockets Layer (SSL) for your site.

Important

If you use IIS many-to-one certificate mapping, you cannot use Active Directory certificate mapping.

Prerequisites

For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Server Certificates Feature Requirements (IIS 7).

Exceptions to Feature Requirements

  • None

Levels

  • Site

Modules

  • IisClientCertificateMappingAuthentication

Required Permissions

  • Server Administrator

  • IIS Manager User

To map client certificates many-to-one

You can perform this procedure by editing configuration files directly, or by writing WMI scripts.

User Interface

None

Command-line

None

Configuration

The procedure in this topic affects the following configuration elements:

<iisClientCertificateMappingAuthentication>

For more information about IIS 7 configuration, see IIS 7.0: IIS Settings Schema on MSDN.

WMI

Use the following WMI classes, methods, or properties to perform this procedure:

  • ManyToOneCertificateMappingElement class

  • ManyToOneCertificateMappingRuleElement class

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.

See Also

Concepts

Configuring Server Certificates in IIS 7