You can require users attempting to access your Web content over a secure link to log on with a client certificate. Requiring a client certificate, however, does not protect your content from unauthorized access. Any user with a client certificate can establish a secure connection and access your resource. To protect your Web content from unauthorized access, you must do either of the following:
- Use Basic and Windows NT Challenge/Response authentication, in addition to requiring a client certificate.
- Create a Windows NT account mapping for client certificates. For more information, see Mapping Client Certificates to User Accounts.
Important
- Your Web server cannot process client certificates unless you have previously installed a server certificate and enabled your server's secure communication features. For more information about authentication and certificates, see About Authentication and Obtaining a Server Certificate.
- When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of the individual directories and files have been previously set.
- Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see Properties and Inheritance of Properties on Sites in About Web Sites.
To enable client certificates
- In Internet Service Manager, select a Web site, directory, or file, and open its property sheets.
- If you have not previously created a server key pair and certificate request, select the Directory Security or File Security property sheet and, under Secure Communications, click Key Manager. For procedural information about using Key Manager, see Creating and Managing Server Key Pairs.
- If you have previously created a server key pair and certificate request, select the Directory Security or File Security property sheet and, under Secure Communications, click Edit.
- In the Secure Communications dialog box, select the Require Secure Channel when accessing this resource check box. Requiring a secure channel means that users cannot connect to this site without using a secure link (that is, the link's URL must begin with https://).
- Under Client Certificate Authentication, select one of the following to enable client certificate authentication:
  - Accept Certificates: Users can access the resource with a client certificate, but the certificate is not required.
  - Require Client Certificates: The server will request a client certificate before connecting the user to the resource. Users without a valid client certificate will be denied access.
- Click OK.
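The authorization gap described at the top of this page can be checked mechanically once settings are written down. The following is an added example, not part of the original documentation: it audits a constructed inventory of settings, and the dictionary keys and resource paths are hypothetical names modeled on the dialog options above.

```python
# Added example: the keys below are hypothetical names for the options this
# page describes; the inventory is constructed sample data, not real settings.

def audit_resource(name, s):
    """Return findings for one Web site, directory, or file."""
    findings = []
    cert = s.get("client_cert", "none")  # "none", "accept", or "require"
    extra_auth = s.get("basic_auth", False) or s.get("nt_challenge_response", False)
    mapped = s.get("account_mapping", False)

    # Without Require Secure Channel, users can connect without a secure link.
    if cert != "none" and not s.get("require_secure_channel", False):
        findings.append("client certificates enabled without Require Secure Channel")
    # Accept Certificates: the certificate is not required.
    if cert == "accept" and not extra_auth:
        findings.append("certificate is optional and no Basic or NT "
                        "Challenge/Response authentication is enabled")
    # Require Client Certificates alone does not restrict who gets in.
    if cert == "require" and not (extra_auth or mapped):
        findings.append("any user with a valid client certificate can access "
                        "this resource (no extra authentication, no account mapping)")
    return [f"{name}: {f}" for f in findings]


def audit_inventory(inventory):
    """Audit every resource and return all findings in inventory order."""
    results = []
    for name, settings in inventory.items():
        results.extend(audit_resource(name, settings))
    return results


# Constructed sample inventory.
INVENTORY = {
    "/public-docs": {"require_secure_channel": True, "client_cert": "require"},
    "/payroll": {"require_secure_channel": True, "client_cert": "require",
                 "account_mapping": True},
    "/reports": {"require_secure_channel": True, "client_cert": "require",
                 "basic_auth": True, "nt_challenge_response": True},
    "/partners": {"require_secure_channel": False, "client_cert": "accept"},
}

if __name__ == "__main__":
    for line in audit_inventory(INVENTORY):
        print(line)
```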
© 1997 by Microsoft Corporation. All rights reserved.