Solved

IIS Certificate Mapping

Posted on 2008-10-25
Last Modified: 2012-05-05
I would like to understand how certificate mapping works for a website I am currently trying to secure. The website has its own server certificate from a CA (GoDaddy) and is currently only accessible via SSL. I would only like one client to have access to the website. Do I need to send them my public SSL certificate and map that to a user account that only has access to the specific folders for the website?

If I do that, then couldn't anyone with my public SSL gain access to the website?

Does the client need to get its own certificate? If so, where and how do you get client certificates? If they get a certificate, do they send me their public SSL certificate and I map that to the user account? What if someone were able to get their client certificate, couldn't they gain access as well?

My end goal is to only allow one client computer access to an SSL website I host on the internet as securely as possible.

Thanks in advance.
Question by:jmelcher
1 Comment
 
Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22812877
The user should get a cert with the Client Authentication EKU (extended key usage).  You would configure trust on your server - here is a decent article on how to set this up:
http://www.windowsecurity.com/articles/Client-Certificate-Authentication-IIS6.html
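
A check you could run on the public certificate file (.cer) a client sends before mapping it to an account, as an added example that is not part of the original answer: it reports whether the certificate carries the Client Authentication EKU, is within its validity period, and chains to a root this machine trusts. The function name `Test-ClientAuthCertificate` and the throwaway test certificate are constructed for illustration; the exported .cer holds only the public key, and the matching private key stays on the client.

```powershell
# Added example: vet the public certificate a client sends before mapping it.
function Test-ClientAuthCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }

    # Build the chain against the roots this machine already trusts.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($Cert)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasClientAuth = $ekuOids -contains $clientAuthOid
        InValidity    = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)
        ChainTrusted  = $chainOk
        ChainStatus   = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        HasPrivateKey = $Cert.HasPrivateKey   # a received .cer carries no private key
    }
}

# Constructed test input: a throwaway self-signed cert with the Client Authentication EKU.
$test = New-SelfSignedCertificate -Type Custom -Subject 'CN=constructed-test-client' `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
    -CertStoreLocation 'Cert:\CurrentUser\My'
$cerPath = Join-Path $env:TEMP 'constructed-test-client.cer'
Export-Certificate -Cert $test -FilePath $cerPath | Out-Null   # exports the public part only

# Load the file the way the server side would receive it, then run the checks.
$received = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
Test-ClientAuthCertificate -Cert $received

# Remove the constructed test artifacts.
Remove-Item -Path "Cert:\CurrentUser\My\$($test.Thumbprint)"
Remove-Item -Path $cerPath
```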

Question has a verified solution.
