To further secure your SharePoint server, you can implement client site certificate. With client certificate, you end user must install the certificate manually before they grant access to your server. How the cert should be distributed will not cover here. Below are simple steps on how to implement client certificate.
You need to prepare the Client Certificate before you start the configuration.
- Setup your WSS to use SSL
- Now in IIS Manager, select Directory Security tab, under Secure Communications click Edit…
- Checked Required client certificates
- Checked Enable client certificate mapping
- Click Edit… button
- Click Add, the select the Client Certificate, and the AD Account you with to map the certificate to.
For Client Certificate mapping, you can do it in two way.
- If you enter the password, all client having the cert will be logged as the account you selected
- If you leave the password blank, they will be challenge with NTLM (user id and password) when they first access the site