
Enabling Client Certificates in IIS 5.1 on Windows XP Professional
Client certificates are used to authenticate Web clients to Web
servers. IIS allows client certificates
to be configured on the Web site, directories and files.
- Open the Microsoft Management Console for IIS if it is
not already open.
- Select the Web site, directory or file where you wish to enable secured
communications and right-click to open its ‘Properties’. In this example we
have selected the ‘Default Web Site’.

- When the Web site ‘Properties’ tab pane opens, select the ‘Directory
Security’ tab and then click ‘Edit…’.

- When the ‘Secure Communications’ dialog box opens, select ‘Accept client certificates’ or ‘Require client certificates’. ‘Accept
client certificates’ can be used without requiring SSL and provides an
alternate means to authenticate Web clients (conventional log-on can still
be a fall-back). ‘Require client
certificates’ requires SSL usage (at any strength) and will only allow
clients with certificates from trusted CAs to authenticate. When a Certificate Trust List (CTL) is
not used, all Trusted Root CAs on the computer account are used for
authentication. Therefore, configuring a CTL is highly
recommended to reduce the scope of trusted CAs.

- Once ‘Accept client certificates’ or ‘Require client certificates’ is
selected, click ‘OK’.

- Once the ‘Secure Communications’ dialog box closes click ‘Apply’ in the Web site ‘Properties’ tab pane. Once ‘Apply’
is selected the changes will take effect.
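
To confirm which of the two modes described above is actually in effect, the dialog's choices can be read back as the IIS metabase property AccessSSLFlags and decoded. The following is an added example, not part of the original PKI Lab page; it assumes the flag value has already been read as an integer (for instance with the adsutil.vbs administration script), and the sample values are constructed.

```python
# Added example: decode an IIS AccessSSLFlags value and check it against the
# 'Accept' / 'Require client certificates' modes described in the steps above.
# The bit masks are the documented metabase values; function names are
# illustrative and the sample values at the bottom are constructed.

ACCESS_SSL = 0x008            # 'Require secure channel (SSL)'
ACCESS_SSL_NEGOTIATE = 0x020  # server asks the client for a certificate
ACCESS_SSL_REQUIRE = 0x040    # request is refused without a client certificate
ACCESS_SSL_128 = 0x100        # 'Require 128-bit encryption'


def client_cert_mode(flags):
    """Return 'ignore', 'accept' or 'require' for an AccessSSLFlags value."""
    if flags & ACCESS_SSL_REQUIRE:
        return "require"
    if flags & ACCESS_SSL_NEGOTIATE:
        return "accept"
    return "ignore"


def channel(flags):
    """Return the SSL requirement: 'none', 'ssl' (any strength) or 'ssl-128'."""
    if not flags & ACCESS_SSL:
        return "none"
    return "ssl-128" if flags & ACCESS_SSL_128 else "ssl"


def audit(flags):
    """Return findings for a flag value; an empty list means nothing to fix."""
    findings = []
    mode = client_cert_mode(flags)
    if mode == "require" and channel(flags) == "none":
        findings.append("require-cert is set but SSL is not required")
    if mode == "require" and not flags & ACCESS_SSL_NEGOTIATE:
        findings.append("require-cert is set but negotiate-cert is not")
    if mode == "accept":
        findings.append("accept mode: clients without a certificate can "
                        "still authenticate with the fall-back log-on")
    if mode == "ignore":
        findings.append("client certificates are not requested")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not read from a real server.
    for value in (0x000, 0x020, 0x068, 0x168, 0x040):
        print(hex(value), client_cert_mode(value), channel(value), audit(value))
```

This check covers only the accept/require setting; it says nothing about whether a CTL is configured, so the set of trusted CAs still has to be reviewed separately.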

Dartmouth College PKI Lab
Last update: 26 February 2003