Question

If a client certificate that is used for mapping in IIS 6 is renewed, do I then have to renew the mapping (one-to-one mapping!) as well? At least it looks that way! Why is this? The public key is the same as in the expired cert! I would assume/think that IIS 6 is using the public key for mapping! Can someone confirm or clarify, please? Thanks in advance, k.

Solution

Unfortunately, the authentication isn't checked against the keys, but rather against the certificate presented. Because the mapped certificate they have is no longer valid (or doesn't match the certificate used to sign the request), the authentication will fail to match.

Think of a certificate like a driver's license and the mapped certificate like a list of driver's licenses authorized for a particular resource. If you renew your driver's license, you will also need to get your updated license on the list.

I believe Microsoft understands this challenge and has ways to update client certificate mappings automatically, but I don't know the details.
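
The distinction drawn in the answer above, as an added example that is not part of the original post: two certificates issued from the same key share a public-key hash but not a certificate fingerprint, so a mapping that stores the certificate itself stops matching after renewal. It assumes the `openssl` CLI is installed; the subject name, file names and the `mapping_matches` helper are hypothetical, and the comparison is a model of the behaviour described, not IIS code.

```bash
#!/usr/bin/env bash
# Added example: throwaway key and self-signed certificates, all constructed here.
set -eu

# Issue two certificates from ONE key: an "original" and a "renewal".
make_demo() {
    openssl genrsa -out "$1/client.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/client.key" -subj "/CN=demo-client" \
        -days 30 -set_serial 1 -out "$1/old.pem"
    openssl req -new -x509 -key "$1/client.key" -subj "/CN=demo-client" \
        -days 365 -set_serial 2 -out "$1/renewed.pem"
}

# SHA-256 over the whole DER certificate (serial, validity, signature included).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 over the SubjectPublicKeyInfo only.
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Model of a one-to-one mapping: the stored certificate must equal the presented one.
mapping_matches() {
    [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
echo "public key, old:      $(spki_fp "$demo_dir/old.pem")"
echo "public key, renewed:  $(spki_fp "$demo_dir/renewed.pem")"
echo "certificate, old:     $(cert_fp "$demo_dir/old.pem")"
echo "certificate, renewed: $(cert_fp "$demo_dir/renewed.pem")"
if mapping_matches "$demo_dir/old.pem" "$demo_dir/renewed.pem"; then
    echo "renewed certificate still matches the stored mapping"
else
    echo "renewed certificate does NOT match: the mapping must be updated"
fi
rm -rf "$demo_dir"
```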

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow