How to configure AD server for client TLS authentication
I assume that you want to import a certificate from an arbitrary CA. A Windows CA is able to publish certificates directly to an Active Directory user.
To map a certificate to a user account
- Open Active Directory Users and Computers.
- On the View menu, select Advanced Features.
- In the details pane, click the user account to which you want to map a certificate.
- On the Action menu, click Name Mappings.
- In the Security Identity Mapping dialog box, on the X.509 Certificates tab, click Add.
- Type the name and path of the .cer file that contains the certificate you want to map to this user account, and then click Open.
- Confirm that both the Use Issuer for alternate security identity and the Use Subject for alternate security identity check boxes are selected.
http://technet.microsoft.com/en-us/library/cc736781(WS.10).aspx
After this, you should be able to authenticate with the certificate against this user. Your application of course has to support Active Directory Certificate authentication.
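To check the result of the mapping steps above without reopening the dialog, this added example (not part of the original answer) reads the user's altSecurityIdentities attribute and reports whether each X.509 entry carries both an issuer and a subject. It assumes the Name Mappings dialog stores its entries in that attribute as `X509:<I>issuer<S>subject` strings; the account name `jdoe` and the function name `Get-X509NameMapping` are placeholders.

```powershell
# Added example, not from the original answer. Read-only: it changes nothing in AD.
# Assumption: Name Mappings entries live in altSecurityIdentities as
# strings of the form X509:<I>issuer<S>subject.
Import-Module ActiveDirectory

function Get-X509NameMapping {
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties altSecurityIdentities
    foreach ($entry in $user.altSecurityIdentities) {
        # Skip Kerberos and any other non-certificate mapping kinds.
        if ($entry -notmatch '^X509:') { continue }

        # Split the value after "X509:" into its <TAG>value fields.
        $fields = @{}
        $pattern = '<(?<tag>[^>]+)>(?<val>[^<]*)'
        foreach ($m in [regex]::Matches($entry.Substring(5), $pattern)) {
            $fields[$m.Groups['tag'].Value] = $m.Groups['val'].Value
        }

        [pscustomobject]@{
            User             = $user.SamAccountName
            Issuer           = $fields['I']
            Subject          = $fields['S']
            # True only when both check boxes from the last step were selected.
            IssuerAndSubject = $fields.ContainsKey('I') -and $fields.ContainsKey('S')
            Raw              = $entry
        }
    }
}

# 'jdoe' is a placeholder sAMAccountName.
Get-X509NameMapping -Identity 'jdoe' | Format-List
```

An entry with `IssuerAndSubject` set to False was mapped with only one of the two check boxes selected and should be reviewed.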
Author: gayathri
Updated on September 18, 2022
Comments
- gayathri, over 1 year:
  How can I configure my Active Directory LDAP server (Windows 2008) to enable certificate verification and client authentication?
  Thanks, Gayathri
- MichelZ, almost 12 years:
  What PKI Infrastructure do you have? What application do you want to use which does cert auth?
- gayathri, almost 12 years:
  For client authentication I have done the procedure below on the AD server: Start -> Administrative Tools -> Internet Information Services (IIS) Manager -> Connections -> Authentication -> Active Directory client certificate authentication -> Enabled. Even then I am able to connect to the server without uploading the certificate. Please let me know whether I need to add some more settings to mandate client authentication in the server configuration.