2.2.4.3 CertMappingType

The CertMappingType defines a mapping between a set of client certificates and a local user account on the server.<3>

 <xs:schema 
  xmlns:cert="http://schemas.microsoft.com/wbem/wsman/1/config/service/certmapping" 
  xmlns:xs="http://www.w3.org/2001/XMLSchema" 
  targetNamespace="http://schemas.microsoft.com/wbem/wsman/1/config/service/certmapping" 
  elementFormDefault="qualified">
   <xs:element name="CertMapping" type="cert:CertMappingType"/>
   <xs:complexType name="CertMappingType">
     <xs:sequence>
       <xs:element name="URI" type="xs:string" />
       <xs:element name="Subject" type="xs:string" />
       <xs:element name="Issuer" type="xs:string"/>
       <xs:element name="UserName" type="xs:string" minOccurs="0" />
       <xs:element name="Enabled" type="xs:boolean" minOccurs="0"/>
       <xs:element name="Password" type="xs:string" minOccurs="0"/>
     </xs:sequence>
   </xs:complexType>
 </xs:schema>

Elements

Issuer: The thumbprint (a 40-digit hexadecimal string) of the issuer of the client certificate. For example, in a certificate chain (client cert, issuer, intermediate CA1, ... root CA), this thumbprint MUST always identify the certificate used to sign the client certificate (issuer).

Subject: A string that is pattern matched against the subject in the certificate. It MUST contain at least one character, and it MUST contain at most one "*" character, which MUST be the first or the last character. The "*" character matches any substring of zero or more characters (it might be the only character, in which case it matches all subjects).

URI: The Resource URI or URI prefix to which this mapping applies. It MUST contain at least one character, it MUST contain at most one "*" character, which MUST be the last character, and it MUST NOT contain any internal white space or the "?" character. The "*" character matches any substring of zero or more characters (it might be the only character, in which case it matches all URIs).

UserName: The user account on the server that is impersonated for the operation when this certmapping configuration is used. Domain credentials are not allowed.

Password: The password for the user account on the server that is impersonated for the operation when this certmapping configuration is used. If present, this cannot be empty.

Enabled: A Boolean value that determines whether the server uses this certmapping configuration for subsequent operations.
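
The Issuer, Subject, URI and Password rules above, expressed as validation and matching code. This is an added example, not part of the specification or of any Microsoft implementation. It assumes the mapping is already parsed into a dict, that comparison is case-sensitive, and that a mapping is used only when Enabled is explicitly true; the function names and sample values are constructed.

```python
import re

THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")  # 40-digit hex string

# Constructed sample mapping (all values are illustrative placeholders).
SAMPLE = {
    "URI": "http://schemas.example.test/wsman/*",
    "Subject": "*@example.test",
    "Issuer": "0123456789ABCDEF0123456789ABCDEF01234567",
    "UserName": "svc-local", "Enabled": True, "Password": "constructed-value",
}

def check_mapping(m):
    """Return the list of rule violations for a CertMapping given as a dict."""
    errs = []
    subj, uri = m.get("Subject", ""), m.get("URI", "")
    if not THUMBPRINT.fullmatch(m.get("Issuer", "")):
        errs.append("Issuer: not a 40-digit hex thumbprint")
    # Subject: at least one char, at most one '*', only first or last.
    if not subj or subj.count("*") > 1 or "*" in subj[1:-1]:
        errs.append("Subject: empty or misplaced '*'")
    # URI: at least one char, '*' only as the last char, no '?'.
    # Assumption: any whitespace is rejected, not only internal whitespace.
    if (not uri or "*" in uri[:-1] or "?" in uri
            or any(c.isspace() for c in uri)):
        errs.append("URI: empty, misplaced '*', whitespace or '?'")
    # Password is optional, but if present it cannot be empty.
    if m.get("Password") == "":
        errs.append("Password: present but empty")
    return errs

def wildcard_match(pattern, value):
    """Match a pattern whose single leading or trailing '*' is any substring."""
    # Assumption: case-sensitive comparison (the page does not specify).
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return value == pattern

def mapping_applies(m, issuer_thumbprint, subject, uri):
    """True if a valid, enabled mapping covers this certificate and URI."""
    # Assumption: a missing Enabled element is treated as "not in use".
    return (not check_mapping(m)
            and m.get("Enabled") is True
            and m["Issuer"].lower() == issuer_thumbprint.lower()
            and wildcard_match(m["Subject"], subject)
            and wildcard_match(m["URI"], uri))
```

Running `check_mapping` over stored mappings also makes it easy to list entries whose Subject or URI is the bare "*", which match every subject signed by the issuer or every resource URI.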