Just a quick post on IIS7 cert mapping setup

Install the role service under IIS


At the Server level - enable DS mapping under authentication:


Create the web site.

Enable it for HTTPS ( bindings )


Set the site to require certs under: clip_image008


Enable the site :

C:\Windows\SysWOW64\inetsrv>appcmd unlock config /section:clientCertificateMappingAuthentication
Unlocked section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
at configuration path "MACHINE/WEBROOT/APPHOST".

C:\Windows\SysWOW64\inetsrv>appcmd set config "CertAuthWebSite" -section:clientCertificateMappingAuthentication /enabled:true
Applied configuration changes to section "system.webServer/security/authentication/clientCertificateMappingAuthentication"
for "MACHINE/WEBROOT/APPHOST/CertAuthWebSite" at configuration commit path "MACHINE/WEBROOT/APPHOST/CertAuthWebSite"

Do a reset for good measure ( at least I do )

C:\Windows\SysWOW64\inetsrv>iisreset /noforce
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

Comments (1)

  1. Anchit Kalra says:

    How do I do this in powershell?

    Should this work?

    Set-WebConfiguration -Location "$websiteName/Citrix/$webApplicationName" -Filter  "system.webServer/security/authentication/clientCertificateMappingAuthentication" -Value "True"

Skip to main content