Mapping Certificates to User Accounts in IIS and Active Directory

Infineon Security Platform

Infineon Security Platform Solution

Mapping Certificates to User Accounts in IIS and Active Directory

Mapping a certificate to a Windows 2000 / XP user is done either through the Windows 2000 / XP Active Directory service or with rules defined in the Internet Information Services (IIS).

You can opt to map certificates to user accounts in either IIS or Active Directory depending on whether you are performing client authentication for users who are within your domain or external entities that are not part of your domain. Certificate mapping with Active Directory would be ideal if you will authenticate users only within your domain. You must use IIS mapping if you intend to authenticate users who do not belong to your domain.

Note: Client Authentication with IIS involves the use of the Secure Sockets Layer (SSL) of your Web server, which means that you will need to obtain a server certificate from a CA. This is because server authentication using a server certificate is mandatory for an SSL connection and client authentication is just an additional security measure.

More information on "Mapping Certificates to User Accounts in IIS and Active Directory" and on the "Internet Information Service" is available in the Microsoft TechNet.

©Infineon Technologies AG