IIS 7 and Above
How to filter client certificates
Last post Jul 10, 2019 07:24 AM by Able
Jul 08, 2019 06:00 PM|BenSwitzer|LINK
I have an IIS 7.5 site that requires client certificates. We already filter certificates by Trusted Issuer. Can this be filtered even further? We have 3 certificates, (email, ID and authentication), that all use the same CA. We only want to accept one
of those certificates and the user to be prompted for that one certificate. I have seen OWA do this as it only prompts for our email certificate. Is this possible with IIS?
Jul 09, 2019 02:57 AM|Able|LINK
According to your description, could you please tell me how you use these certificate ,for authentication or just ssl binding ?If you just bind a website with three certificates. I think you have also bound three url to website because ssl certificate only
have connections with url. In this situation , you don't need to filter because server will tell client which client it needs.
Else if you want to use IIS Client Certificate Mapping Authentication.You could follow the steps in the link as below:
Jul 09, 2019 11:52 AM|BenSwitzer|LINK
The certificates in question are client certificates. I've already looked at IIS Client Certificate Mapping Authentication. Authentication of the certificates are handled by Tumbleweed with an OSCP/CRL. This does not control what the user gets prompted
for, only what is accepted. Looking for a solution that can filter what the user is prompted for. All 3 Client certificates use the same CA.
Jul 10, 2019 07:24 AM|Able|LINK
As far as I known ,if you have multiply client certificates ,it will show popup window to let client user to choose when it visits server.
So I suggest that you could post the screenshot of your client certificates,you could see as below:
Here is the link ,I hope it could help you.