Home
Topics
Microsoft Windows Storage Management
Windows File Management
Heads up on Web-based certificate mapping

Tip

Heads up on Web-based certificate mapping

Craig Humphrey

This tip was submitted to the SearchWin2000.com tip exchange by member Craig Humphrey. Please let other users know how useful it is by rating it below.

Here are a few pointers to watch out for when you're setting up Web sites that use client certificates for authentication.

1. If the site uses both login (Basic or NTLM) authentication and certificate mappings, then the login over-rides the certificate mapping.

2. There are two types of certificate mapping (as of IIS5). One is built into IIS and uses a strong comparison between the stored certificate credentials and the certificate presented by the user. However, any administrator of the server can enumerate all usernames/passwords of certificate mappings. If a certificate is renewed or replaced, it will need to be re-imported into IIS.

The second type of certificate mapping is done in Active Directory, however it uses a weak mapping ("subject" component of certificate) between the stored certificate credentials and the presented client certificate. This allows it to transparently support renewed or replaced certificates and no password information can be enumerated. However, if two certificates are requested from the same CA, using the same textual (name, e-mail, etc.) credentials, AD is unable to differentiate between them.

3. If you're using AD-based certificate mapping, to view the certificates, you'll need to turn on the advanced options

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

in AD: Users and Groups and then right click a user and select the Name Mappings item.

Good luck and have fun with certificates.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in January 2004

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

More from Related TechTarget Sites

Server Virtualization
Cloud computing
Exchange
SQL Server
Windows IT
Enterprise Desktop
Virtual Desktop

Server Virtualization
- Moving VMs around? Avoid downtime with Hyper-V Live Storage Migration
  
  Live Storage Migration eliminates the downtime associated with moving VM files from one storage location to another and helps improve performance.
- RHEV proves to be a cost-effective alternative to vSphere
  
  Some IT departments have turned to low-cost, flexible virtualization platforms, such as Red Hat Enterprise Virtualization, to lower VMware costs.
- Guidelines for moving multiple VMs with Hyper-V Live Storage Migration
  
  Live Storage Migration makes it easy to move multiple storage files of running VMs without downtime, but there are practical limits you should know.
Cloud computing
- PaaS market heats up with Red Hat OpenShift, Savvis AppFog buy
  
  PaaS made headlines last week, but it's still difficult to gauge the true level of interest in Platform as a Service in the enterprise world.
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
Exchange
- Spotlight on top new Exchange 2013 features
  
  There are several new Exchange 2013 features that should interest those debating an upgrade. We examine several standouts and how to work with them.
- How to modify OWA 2013 to support Microsoft Lync
  
  Properly modifying OWA 2013 is necessary to allow users Lync functionality such as instant messaging and presence. We offer the necessary steps here.
- Block badly behaving Exchange ActiveSync devices in Exchange 2013
  
  Misbehaving Exchange ActiveSync devices can put a serious strain on your environment. Take control with new auto-block thresholds in Exchange 2013.
SQL Server
- SQL Server 2014 'keeps up with the Joneses,' says analyst
  
  Ovum analyst Tony Baer says that most database platforms are moving toward in-memory features, and SQL Server 2014 is no different.
- SQL Server high availability: Natural enemy of virtualization?
  
  Do SQL Server high availability and virtualization go together or not? Find out if virtualization is a good option for you in this tip by Bob Sheldon.
- SQL Server 2014 due out in late 2013, in-memory OLTP a big feature
  
  Microsoft announced that the next version of its database, SQL Server 2014, will have in-memory features and be generally available in late 2013.
Windows IT
- SharePoint 2013 features: what's new, what's changed and what's gone
  
  Some existing SharePoint features were replaced or dropped in SharePoint 2013. Here's how to work through the changes.
- Prevent hacking in your enterprise with these nine easy steps
  
  There are no foolproof ways to completely stop hacking in an enterprise, but follow these proven and common sense methods to reduce your risk.
- How to advance your cloud skills and get ahead of the gap
  
  There may be a growing shortage of IT pros with cloud skills, but you can take action now and become a valuable asset with the right skills.
Enterprise Desktop
- Q&A: Microsoft's Erwin Visser discloses Windows 8 mobile strategy
  
  Microsoft GM Erwin Visser discusses the company's mobile strategy for Windows 8 and the need to deliver one device supporting all types of computing.
- Q&A: Microsoft's Erwin Visser on Windows 8.1 updates, security
  
  Microsoft's Erwin Visser discusses Windows 8.1 features, how IT can keep pace with faster update cycles and Windows security enhancements.
- Telerik updates Windows 8 app development tools
  
  Telerik's updated DevCraft tool for developing Windows 8 apps helps IT to deliver business apps to end users on PCs and tablets.
Virtual Desktop
- How inline deduplication is changing the VDI storage landscape
  
  VDI storage has long been a challenge for virtual desktop admins, but inline deduplication is changing all that.
- Taking advantage of VM snapshots in a virtual desktop environment
  
  With VM snapshots, you can make one desktop VM into many. Just watch out for performance when snapshotting in a virtual desktop environment.
- Planning and managing virtual desktop pools
  
  Virtual desktop pools make management easier, but you have to plan for them and remember that the way you create pools depends on your VDI platform.

All Rights Reserved,Copyright - 2013, TechTarget