If you are mapping client certificates to Windows user accounts, use the "Enable client certificate mapping" option. The server will compare its client certificate to the one the browser sent and they must be identical for the mapping to proceed. Therefore, if a user obtains a new certificate it must be remapped -- even if it contains all of the same user information. Also, some client certificates will need to be exported in order...
to use IIS's one-to-one mapping feature.
To export a client certificate for one-to-one mapping, open Internet Explorer, go to the tools menu, select Internet Options and then the Content tab. Next select Certificates, and then the Personal tab. Once you're there, select the certificates that you want and click Export. This will start the Certificate Export Wizard. Once this process has started, it's important to select the following options -- "No, do not include any private keys in the export" and "Base64 Encoded X.509 (*.CER)." The exported certificate will need to be copied to a secure location on the Web server so it can be mapped to a user account on the Web server.
You could have also received this error message if the Certificate Authority's (CA) client certificate has not been installed. Your Web server has a list of trusted CA certificates that determines which certificates the server will accept. If the CA that issued the client certificate is not on this list, the client won't be authenticated. On a final note, you mention that there is more than one site on the server, and each site will need its own Web server certificate. I recommend checking the validity of the client certificate's start and end dates, and whether it has been revoked.
Dig deeper on Web Authentication and Access Control
Related Q&A from Michael Cobb
Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your ...continue reading
Users in the enterprise may unknowingly be exposed to 'Gchat' security risks. Expert Michael Cobb discusses Internet application security best ...continue reading
Today's powerful smartphones can sometimes spread viruses to the corporate network. Learn how it can happen and how to prevent it.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.