IIS 6.0 F1: Secure Communications - Account Mappings Many-to-1 Tab
Applies To: Windows Server 2008 R2
Use this tab to enable many-to-one mapping. Many-to-one mapping uses wildcard matching rules that verify whether a client certificate contains specific information, such as issuer or subject. This mapping does not compare the actual client certificate, but rather accepts all client certificates fulfilling the specific criteria. If a client gets another certificate containing all of the same user information, the existing mapping will still works. You can list matching rules for a certificate by clicking the Rule Description header, or list the matching rules by the account they are mapped to, by clicking the Mapped Windows Account header. Certificates do not need to be exported for use in many-to-one mapping.
To ensure that changes to matching rules are enacted, stop and restart the Web site.
Enable Wildcard Client Certificate Matching
Select to configure IIS by enabling custom matching rules that check whether client certificate fields match pre-defined criteria.
Click to modify the currently selected matching rule.
Click to create a custom rule for checking a client certificate's fields for specific information before mapping the certificate to a Windows user account.
Click to remove the currently selected custom matching rule. To select multiple mappings, either press the CTRL key while selecting individual accounts, or press the SHIFT key while selecting a range of accounts.
Click to move the currently selected rule higher in the matching rules list. Moving a rule higher in the list gives it a higher priority.
Click to move a rule lower in the matching rules list. Moving a rule lower in the list gives it a lower priority.
If two rules that are defined for the same certificate criteria conflict, the rule with the higher priority is used, and the other rule is ignored. You can list the rules either by their names, by clicking on the Rule Description header, or by the account they are mapped to, by clicking the Mapped Windows Account header.
To learn more about certificate mapping and certificates, see the IIS 6.0 online documentation on the Microsoft Windows Server TechCenter.