Password is seen in Clear Text when configuring Client Certificate Mapping using Configuration editor in IIS 7/7.5

Most of the time I write blogs to help myself find things easily. It is easier to search things when you know where to search them for. So I thought of blogging this topic as I keep encountering it more often and then spend quite some time figuring out what the fix was.

Many of you have already encountered this, while configuring IIS Client Certificate Mapping (either one-to-one or Many-to-one) in IIS 7/7.5 via configuration editor, when you specify the username and password section, the password is displayed in clear text.

As you can see in the above image, the password is displayed in clear text in the IIS GUI.

This problem was around for sometime until the PG decided to introduce a patch to address this.

In IIS 7, they introduced a path to fix this problem: https://support.microsoft.com/kb/2412005

For IIS 7.5, this issue was addressed in Windows Server 2008 R2 SP1.

After we install the patch, the password is no longer seen in clear text and remains hidden. We love those asterisks, don’t we?