Just a quick post on IIS7 cert mapping setup


Install the role service under IIS


clip_image002


At the Server level – enable DS mapping under authentication:


image


Create the web site.


Enable it for HTTPS ( bindings )


clip_image006


Set the site to require certs under: clip_image008


clip_image010


Enable the site :


C:\Windows\SysWOW64\inetsrv>appcmd unlock config /section:clientCertificateMappingAuthentication
Unlocked section “system.webServer/security/authentication/clientCertificateMappingAuthentication”
at configuration path “MACHINE/WEBROOT/APPHOST”.


C:\Windows\SysWOW64\inetsrv>appcmd set config “CertAuthWebSite” -section:clientCertificateMappingAuthentication /enabled:true
Applied configuration changes to section “system.webServer/security/authentication/clientCertificateMappingAuthentication”
for “MACHINE/WEBROOT/APPHOST/CertAuthWebSite” at configuration commit path “MACHINE/WEBROOT/APPHOST/CertAuthWebSite”


Do a reset for good measure ( at least I do )


C:\Windows\SysWOW64\inetsrv>iisreset /noforce
Attempting stop…
Internet services successfully stopped
Attempting start…
Internet services successfully restarted

Comments (1)

  1. Anchit Kalra says:

    How do I do this in powershell?

    Should this work?

    Set-WebConfiguration -Location "$websiteName/Citrix/$webApplicationName" -Filter  "system.webServer/security/authentication/clientCertificateMappingAuthentication" -Value "True"

Skip to main content