Spat's WebLog (Steve Patrick)

When things go wrong...

Just a quick post on IIS7 cert mapping setup

Just a quick post on IIS7 cert mapping setup

  • Comments 1

Install the role service under IIS


At the Server level - enable DS mapping under authentication:


Create the web site.

Enable it for HTTPS ( bindings )


Set the site to require certs under: clip_image008


Enable the site :

C:\Windows\SysWOW64\inetsrv>appcmd unlock config /section:clientCertificateMappingAuthentication
Unlocked section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
at configuration path "MACHINE/WEBROOT/APPHOST".

C:\Windows\SysWOW64\inetsrv>appcmd set config "CertAuthWebSite" -section:clientCertificateMappingAuthentication /enabled:true
Applied configuration changes to section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
for "MACHINE/WEBROOT/APPHOST/CertAuthWebSite" at configuration commit path "MACHINE/WEBROOT/APPHOST/CertAuthWebSite"

Do a reset for good measure ( at least I do )

C:\Windows\SysWOW64\inetsrv>iisreset /noforce
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

Leave a Comment
  • Please add 7 and 4 and type the answer here:
  • Post
  • How do I do this in powershell?

    Should this work?

    Set-WebConfiguration -Location "$websiteName/Citrix/$webApplicationName" -Filter  "system.webServer/security/authentication/clientCertificateMappingAuthentication" -Value "True"

Page 1 of 1 (1 items)