Install the role service under IIS
At the server level, enable DS mapping under Authentication:
Create the web site.
Enable it for HTTPS (bindings)
Set the site to require certs under:
Enable the site:
C:\Windows\SysWOW64\inetsrv>appcmd unlock config /section:clientCertificateMappingAuthentication
Unlocked section "system.webServer/security/authentication/clientCertificateMappingAuthentication" at configuration path "MACHINE/WEBROOT/APPHOST".
C:\Windows\SysWOW64\inetsrv>appcmd set config "CertAuthWebSite" -section:clientCertificateMappingAuthentication /enabled:true
Applied configuration changes to section "system.webServer/security/authentication/clientCertificateMappingAuthentication" for "MACHINE/WEBROOT/APPHOST/CertAuthWebSite" at configuration commit path "MACHINE/WEBROOT/APPHOST/CertAuthWebSite"
Do a reset for good measure (at least I do)
C:\Windows\SysWOW64\inetsrv>iisreset /noforce
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted
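To confirm the steps above took effect, the following check reads the settings back. It is an added example, not part of the original notes. It assumes the WebAdministration PowerShell module is installed and the prompt is elevated; the function names Get-ConfigValue and Test-CertAuthSite are made up for this example.

```powershell
# Added verification sketch (not from the original notes).
# Assumes: WebAdministration module available, elevated PowerShell session.
Import-Module WebAdministration

function Get-ConfigValue {
    param([string]$PSPath, [string]$Filter, [string]$Name)
    $v = Get-WebConfigurationProperty -PSPath $PSPath -Filter $Filter -Name $Name
    # The cmdlet returns either the raw value or a wrapper object with a
    # .Value property, depending on the attribute type; normalise to a string.
    if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v = $v.Value }
    return [string]$v
}

function Test-CertAuthSite {
    param([string]$SiteName = 'CertAuthWebSite')   # site name used in the appcmd call above

    $server   = 'MACHINE/WEBROOT/APPHOST'
    $sitePath = "$server/$SiteName"
    $mapping  = 'system.webServer/security/authentication/clientCertificateMappingAuthentication'
    $access   = 'system.webServer/security/access'

    # sslFlags is a comma-separated flag list, e.g. "Ssl,SslNegotiateCert,SslRequireCert"
    $sslFlags = (Get-ConfigValue $sitePath $access 'sslFlags') -split '\s*,\s*'

    [pscustomobject]@{
        Site                 = $SiteName
        HttpsBinding         = [bool](Get-WebBinding -Name $SiteName -Protocol https)
        RequiresSsl          = $sslFlags -contains 'Ssl'
        RequiresClientCert   = $sslFlags -contains 'SslRequireCert'
        ServerMappingEnabled = (Get-ConfigValue $server   $mapping 'enabled') -eq 'True'
        SiteMappingEnabled   = (Get-ConfigValue $sitePath $mapping 'enabled') -eq 'True'
    }
}

$result = Test-CertAuthSite
$result | Format-List

# Report any check that came back false so a missed step is obvious.
$failed = $result.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value }
if ($failed) {
    Write-Warning ("Not configured: " + ($failed.Name -join ', '))
}
```

If RequiresClientCert is false, the site still accepts connections without a certificate, so mapping authentication can be enabled while anonymous or other authentication paths remain reachable.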