If you are mapping client certificates to Windows user accounts, use the "Enable client certificate mapping" option....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The server will compare its client certificate to the one the browser sent and they must be identical for the mapping to proceed. Therefore, if a user obtains a new certificate it must be remapped -- even if it contains all of the same user information. Also, some client certificates will need to be exported in order to use IIS's one-to-one mapping feature.
To export a client certificate for one-to-one mapping, open Internet Explorer, go to the tools menu, select Internet Options and then the Content tab. Next select Certificates, and then the Personal tab. Once you're there, select the certificates that you want and click Export. This will start the Certificate Export Wizard. Once this process has started, it's important to select the following options -- "No, do not include any private keys in the export" and "Base64 Encoded X.509 (*.CER)." The exported certificate will need to be copied to a secure location on the Web server so it can be mapped to a user account on the Web server.
You could have also received this error message if the Certificate Authority's (CA) client certificate has not been installed. Your Web server has a list of trusted CA certificates that determines which certificates the server will accept. If the CA that issued the client certificate is not on this list, the client won't be authenticated. On a final note, you mention that there is more than one site on the server, and each site will need its own Web server certificate. I recommend checking the validity of the client certificate's start and end dates, and whether it has been revoked.
Dig Deeper on Web authentication and access control
Related Q&A from Michael Cobb
Android for Work's sandboxing tools, which split work and personal profiles, can be bypassed with a proof-of-concept attack. Expert Michael Cobb ...continue reading
Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb ...continue reading
A researcher discovered 76 iOS apps containing sensitive user data that were vulnerable to man-in-the-middle attacks. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.