Use this dialog box to create or edit elements of a matching rule. Client certificates can contain identification information, such as company names, localities, or e-mail addresses, formatted into arrangements of fields and subfields. Your Web server can use this identification information to map the user's identity to a Windows user account.
Field names represent general categories of information, such as (Client) Subject and Issuer. For more information about the fields and subfields of a certificate, see the documentation for the certification authority that issued that certificate.
Subfield names represent information specific to each of the general Subject and Issuer categories. The following list describes basic subfields contained in a certificate:
The top-level organization or company name, preferably International Organization for Standardization (ISO)-registered.
(OU) Organization Unit
A department within a company, (for example, Marketing).
(CN) Common Name
The domain name of the server, (for example, www.microsoft.com).
Two-letter ISO country/region designation (for example, US, FR, AU, or UK).
(S) State or Province
The full, unabbreviated name of the state or province (for example, Washington instead of WA or Alberta instead of AB).
The full name of the city where your company is located (for example, Redmond or Toronto).
Several non-standard subfield categories are supported as well, including the following:
Initials of the certificate owner.
(GN) Given Name
Given name of the certificate owner.
Title of the certificate owner.
E-mail address of the certificate owner.
Consult a certification authority to obtain updated subfield information.
Select to configure IIS to make your rule element case sensitive.
Click a certificate field element of a matching rule from the list box. Select this element before selecting the other elements in this dialog box.
Click a sub-element of the certificate field of a matching rule from the list box. Select an element from the Certificate Field list box first in order to view the entire valid list of valid subfields.
Specify the criteria for matching field and subfield information. For example, if the subfield is "O", the criteria could be "Microsoft" to indicate to which organization the matching rule should correspond. You can use the wildcard character (*) to partially specify the text of your criteria.
To learn more about certificate mapping and certificates, see the IIS 6.0 online documentation on the Microsoft Windows Server TechCenter.