Client certificates on non-domain Server 2003



Client certificates on non-domain Server 2003 Jeff Prater
2/26/2008 7:39:34 PM
Hi. I'm trying to set up a secured website on a Server 2003 machine. I
would like to require user authentication through the use of
certificates. This is a stand-alone web server and certificate server
and we are not on a domain. I have installed the certificate service on
one server and I have no clue where to go from there. Do I need to be on
a domain in order for this to work? I am confused when it comes to
certificate services. Thanks so much for any help!

Re: Client certificates on non-domain Server 2003 Ken Schaefer
2/29/2008 4:05:24 PM
Hi,

You would issue client authentication certificates to your users.

On your IIS server, you would import the root CA cert from your Certificate
Services machine into the Machine Certificate store (so that IIS trusts
certificates issued by your CA). If the CA is on the same box as IIS then
this isn't necessary.

You would then create one or more user accounts on the IIS machine.

You then choose whether you want to do Many -> One mapping (all client certs
map to a single Windows user account) or Many -> Many mapping (client certs
each map to an individual Windows user account). This will determine how
many user accounts you need to create in the previous step.

Then, IIS has a wizard for enabling the certificate -> user mapping under the
"Security" tab for the website.

Cheers
Ken
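
The server-side steps from the reply above, written as a Server 2003 batch script; this is an added example, not part of the original thread. Assumptions: the root CA certificate has been exported to C:\certs\rootca.cer, the mapped local account is named certuser, the site is the default one (metabase ID 1), and a server certificate is already bound to it for SSL.

```bat
@echo off
rem Added example. ROOT_CA_CER, MAP_USER and the site ID are assumed values.
setlocal
set ROOT_CA_CER=C:\certs\rootca.cer
set MAP_USER=certuser
set SITE=w3svc/1/root
set ADSUTIL=%SystemDrive%\Inetpub\AdminScripts\adsutil.vbs

rem 1. Trust the issuing CA: add its root certificate to the local machine
rem    Trusted Root store. Skip this step when the CA runs on the IIS box.
certutil -addstore Root "%ROOT_CA_CER%"
if errorlevel 1 goto fail

rem 2. Create the local account that client certificates will map to.
rem    The * makes net user prompt for the password instead of taking it
rem    on the command line. Repeat per user for individual mappings.
net user %MAP_USER% * /add
if errorlevel 1 goto fail

rem 3. Require SSL and a client certificate, and turn on IIS certificate
rem    mapping for the site. AccessSSLFlags is a bit mask:
rem      8 AccessSSL + 32 AccessSSLNegotiateCert
rem      + 64 AccessSSLRequireCert + 128 AccessSSLMapCert = 232
cscript //nologo "%ADSUTIL%" set %SITE%/AccessSSLFlags 232
if errorlevel 1 goto fail

rem 4. Read the settings back to confirm them.
certutil -store Root
cscript //nologo "%ADSUTIL%" get %SITE%/AccessSSLFlags

echo Done. Create the certificate-to-account mappings in the IIS wizard.
goto end

:fail
echo A step failed; fix the error above and re-run.
endlocal
exit /b 1

:end
endlocal
```

The script only turns mapping on; the individual mappings themselves are still created through the wizard mentioned in the reply.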
