0
votes

Currently my application is behind a load balancer (NetScaler) that does SSL offload, so my application runs on http, but externally it is on https. In IIS only http:80 is bound. The load balancer uses a certificate called *.mycert.com

Now I have to require a client certificate for a specific folder of my application, /Services, but the certificate is myPeskyCert, so different from *.mycert.com. This is necessary because I have to respect how the client will call me.

Currently I'm following these answers:

Can IIS require SSL client certificates without mapping them to a windows user?

What is the difference between requiring an SSL cert and accepting an SSL cert?

but in this way:

  1. I have to do SSL bridging, so I have to bind 443 on the web app
  2. in this way ALL my application is presented as myPeskyCert

How do I have to handle IIS in order to present my application as *.mycert.com, but ask for myPeskyCert when the folder /Services is requested?

1
There is no per page setting I think. - Lex Li

1 Answer

0
votes

It's not possible; a certificate must refer to the entire bound site.

The solution is the following:

  • bind the application to two different URL bindings
  • on the balancer, set one certificate or the other with SSL offload on the two different URLs
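
The IIS side of the two-binding layout described in the answer, as an added example that is not part of the original answer. The site name, both host names and the rule name are hypothetical; it assumes the IIS URL Rewrite module is installed and that the balancer virtual server for the second host name is the one that asks for the client certificate.

```powershell
# Added example: all names below are hypothetical placeholders.
Import-Module WebAdministration

$site         = 'MyWebApp'              # hypothetical IIS site name
$publicHost   = 'app.example.com'       # hypothetical: URL offloaded with *.mycert.com
$servicesHost = 'services.example.com'  # hypothetical: second URL, used for /Services
$sitePath     = "IIS:\Sites\$site"
$ruleName     = 'ServicesOnlyOnServicesHost'
$rule         = "system.webServer/rewrite/rules/rule[@name='$ruleName']"

# 1. Two plain-HTTP host-header bindings on the same site; TLS stays on the balancer.
foreach ($h in $publicHost, $servicesHost) {
    if (-not (Get-WebBinding -Name $site -Protocol http -Port 80 -HostHeader $h)) {
        New-WebBinding -Name $site -Protocol http -Port 80 -HostHeader $h
    }
}

# 2. An https binding here would mean IIS is doing SSL bridging again.
if (Get-WebBinding -Name $site -Protocol https) {
    Write-Warning "$site still has an https binding; SSL offload expects http only."
}

# 3. Both bindings reach the same application, so /Services would also answer on
#    the public host name. Refuse it unless the Host header is the services name.
$hostPattern = '^' + [regex]::Escape($servicesHost) + '(:\d+)?$'
Add-WebConfigurationProperty -PSPath $sitePath -Filter 'system.webServer/rewrite/rules' `
    -Name '.' -Value @{ name = $ruleName; stopProcessing = 'True' }
Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/match" `
    -Name 'url' -Value '^Services(/.*)?$'
Add-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/conditions" `
    -Name '.' -Value @{ input = '{HTTP_HOST}'; pattern = $hostPattern; negate = 'True' }

# Answer with 403 instead of passing the request to the application.
$action = [ordered]@{
    type              = 'CustomResponse'
    statusCode        = 403
    statusReason      = 'Forbidden'
    statusDescription = '/Services is only served on the services host name'
}
foreach ($key in $action.Keys) {
    Set-WebConfigurationProperty -PSPath $sitePath -Filter "$rule/action" `
        -Name $key -Value $action[$key]
}
```

The Host check only means something if IIS accepts port 80 traffic from the balancer alone, since a request sent straight to IIS can carry any Host header.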