We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


1-1 certiifcate mapping in IIS 6.0 allowing all users to access the site

Medium Priority
Last Modified: 2012-05-11

We have a 2003/2008 AD environment with Enterprise Root CA.
I'm trying to get the 1-1 certificate mapping to work on a website running on IIS 6 on a 2003 Server so that a smartcard user can access the website using a smartcard.

After configuring the website for 1-1 mapping for user1, not only can user1 access the site but all smartcard users can access the site.  Am I missing a step?

I've only enabled 1-1 certificate mapping for user1 and have the many-1 mapping unchecked in IIS.  

I did the following to setup 1-1 certificate mapping.

To map a specific client certificate to a user account
 In IIS Manager, expand the local computer, and then expand the Web Sites folder.
 Right-click the Web site for which you want to configure authentication, and then click Properties.
 Click the Directory Security tab, and then, in the Secure Communications section, click Edit.
 In the Secure Communications box, select the Enable client certificate mapping check box, and then click Edit.
 In the Account Mappings box, click the 1-to-1 tab.
 On the 1-to-1 tab, either add a new certificate by clicking Add, or edit an existing mapping by selecting the mapping and clicking Edit Map.
 If you are adding a new certificate, browse to the certificate file and open it.


If you cannot find the certificate file, it might first need to be exported. For information about exporting a certificate for use in one-to-one mapping, see Exporting a Client Certificate for One-to-One Mapping.

 In the Map to Account box, enter a map name for the mapping. This is the name that will be displayed in the selection list on the Account Mappings box.
 Either type or browse to a Windows user account. Type the password of the account to which the certificate is being mapped.
 Click OK.

Watch Question

Unlock this solution and get a sample of our free trial.
(No credit card required)


I haven't had a chance to get back to this but the link you sent me has some good info.

Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.