VBScript to configure one-to-one client certificate mapping on IIS7

Posted: Jan 19, 2007  4 comments  

Ulad Malashanka's Blog

Recently I wrote some scripts and a simple UI tool to deal with client certificate mapping on IIS7.

Today I'm publishing a VBScript to configure one-to-one client certificate mapping on IIS7.

Next time I'm going to publish a script to configure many-to-one client certificate mapping on IIS7.

Copy the text below, save it as certmap.vbs, and run it from a command prompt.

' certmap.vbs: add a one-to-one client certificate mapping to an IIS7 site.
' The password is taken from the command line, so it is visible in the
' process command line while the script runs.
set arguments = WScript.Arguments
if (arguments.length < 3 or arguments.length > 4) then
    WScript.Echo("Usage: certmap.vbs <.cer file name> <userName> <password> [site]")
    WScript.Quit(0)
end if

certName = arguments(0)
user = arguments(1)
password = arguments(2)
site = "Default Web Site"

if (arguments.length = 4) then
    site = arguments(3)
end if

const forReading = 1

set shell = CreateObject("WScript.Shell")
set fso = CreateObject("Scripting.FileSystemObject")
cer = ""

' Read the first line to see whether the file is already base64 (PEM) encoded.
set f = fso.OpenTextFile(certName, forReading)
s = f.ReadLine()

if (s <> "-----BEGIN CERTIFICATE-----") then
    ' Binary (DER) certificate: convert it to base64 with certutil first.
    ' The file name is quoted so that paths containing spaces work, and
    ' certutil is started directly rather than through cmd /C.
    f.Close
    shell.Run "certutil -encode -f """ + certName + """ certToMap64.cer", 0, true
    set f = fso.OpenTextFile("certToMap64.cer", forReading)
    s = f.ReadLine()
end if

' Join the base64 body into a single line. The END CERTIFICATE footer and
' any blank lines after it are skipped.
do while f.AtEndOfStream <> true
    s = Trim(f.ReadLine)
    if (s <> "" and Left(s, 5) <> "-----") then
        cer = cer + s
    end if
loop

f.Close

' Show the base64 value that will be stored in the mapping.
WScript.Echo cer

configPath = "MACHINE/WEBROOT/APPHOST/" + site
configSectionName = "system.webServer/security/authentication/iisClientCertificateMappingAuthentication"

set adminManager = CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
set iisCertMap = adminManager.GetAdminSection(configSectionName, configPath)

' Turn on IIS client certificate mapping and the one-to-one mode for the site.
iisCertMap.Properties.Item("enabled").Value = "true"
iisCertMap.Properties.Item("oneToOneCertificateMappingsEnabled").Value = "true"

set oneToOneMappingsElement = iisCertMap.ChildElements.Item("oneToOneMappings")
set mapping = oneToOneMappingsElement.Collection.CreateNewElement()

' Bind the certificate to the Windows account it should log on as.
mapping.Properties.Item("certificate").Value = cer
mapping.Properties.Item("enabled").Value = "true"
mapping.Properties.Item("userName").Value = user
mapping.Properties.Item("password").Value = password

oneToOneMappingsElement.Collection.AddElement(mapping)
adminManager.CommitChanges()
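
To check what certmap.vbs wrote, the following added example (not part of the original post) lists a site's one-to-one mappings through the read-only Microsoft.ApplicationHost.AdminManager object. The file name listmap.vbs is an assumption; the script reads only the enabled, userName and certificate properties and never the stored password.

```vbscript
' listmap.vbs (hypothetical name): read-only audit of the one-to-one client
' certificate mappings of a site. Usage: cscript listmap.vbs [site]
option explicit
dim site, configPath, sectionName, adminManager, section, mappings, m, i, cert

site = "Default Web Site"
if WScript.Arguments.Count > 0 then site = WScript.Arguments(0)

configPath = "MACHINE/WEBROOT/APPHOST/" & site
sectionName = "system.webServer/security/authentication/iisClientCertificateMappingAuthentication"

' AdminManager (unlike WritableAdminManager) cannot commit changes.
set adminManager = CreateObject("Microsoft.ApplicationHost.AdminManager")
set section = adminManager.GetAdminSection(sectionName, configPath)

WScript.Echo "Site: " & site
WScript.Echo "  enabled = " & section.Properties.Item("enabled").Value
WScript.Echo "  oneToOneCertificateMappingsEnabled = " & _
    section.Properties.Item("oneToOneCertificateMappingsEnabled").Value

set mappings = section.ChildElements.Item("oneToOneMappings").Collection
WScript.Echo "  mappings: " & CInt(mappings.Count)

for i = 0 to CInt(mappings.Count) - 1
    set m = mappings.Item(i)
    cert = m.Properties.Item("certificate").Value

    ' Print only a short prefix and the length of the base64 value, which is
    ' enough to tell two mappings apart without dumping the whole certificate.
    WScript.Echo "  [" & i & "] userName=" & m.Properties.Item("userName").Value & _
        " enabled=" & m.Properties.Item("enabled").Value & _
        " certificate=" & Left(cert, 16) & "... (" & Len(cert) & " chars)"

    ' The value should be bare base64. PEM markers or spaces mean the header
    ' or footer was not stripped when the mapping was created.
    if InStr(cert, "-----") > 0 or InStr(cert, " ") > 0 then
        WScript.Echo "      WARNING: certificate value contains PEM markers or spaces"
    end if
next
```

Run it with cscript so each line goes to the console instead of a message box.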

Comments

Ulad,

Excellent resource!

Any thoughts on a similar script for enabling Directory Services cert mapping?  I believe it's the "ClientCertificateMappingAuthentication" provider as opposed to the "iisClientCertificateMappingAuthentication" provider.

Jan 19 2007 by zjuggler
