For me it is trivial to configure Tomcat for client authentication. But trying it to do it in an IIS 7 server (running in Win2008R2 Server) it seems imposible.
In tomcat all I have to do is configure the container with my truststore. How is this done in IIS?
All I can find is in SSL settings to request client authentication, but I can not see how can I install certificates my server will trust. What I want to do, is configure IIS to trust specific (client) certificates (not created by the domain controller though. I.e. be of any user).
How can I do this?
UPDATE
I followed the links, but could not get it to work. Is there somewhere I can post, that IIS gurus could help?
I have the following suggestion, based on using IIS Client Certificate Mapping to map many certificates to a single Windows account:
Enable SSL.
Require SSL certificates.
Enable Windows Authentication and disable all other forms of authentication.
Create a local Windows user with limited privileges (user belongs to the Guests group)
Enable IIS Client Certificate Mapping. This has to be done through the command line or through the Configuration Editor in IIS Manager.
IIS Client Certificate Mapping Authentication (Microsoft Docs)
Add mapping entries so that your desired certificates are mapped to the Windows account that you created in step 4.
Does this help?
Configuring One-to-One Client Certificate Mappings (Microsoft Docs)