I'm trying to implement an FTPS service on Windows 10 (I know ... I know ...), with client certificate authentication and authorization (if possible).
Environment:
Windows 10 LTSC 2019 (1809)
IIS (version 10 normally)
Self Signed Certificate (CA will be available later)
PC-A > Will host FTPS service
PC-B > Will generate certificates and execute FTP client
Certificate setup:
On PC-A, root certificate creation (RootCert). Export public key from RootCert then import it on PC-B
On PC-A, generate server auth certificate (ServCert) with RootCert as Signer, then import private key to PC-B
On PC-A, generate client auth certificate (ClientCert) with RootCert as Signer.
IIS setup:
At this moment, I don't have hands on my lab
FTP site configured with anonymous (read/write permission) auth >> Working
Configure FTPS by requiring SSL >> Working
Require client authentication >> Working
Map client authentication for authorization based on mapped user >> Not Working
OneToOneMapping is mapping ClientCert signature to local user ftpwrite.
I removed NTFS permissions on my FTP folder (only leaving System and Administrators permissions), giving specific permission to the ftpwrite account.
Result: I can connect and have a write permission. But I cannot modify, create or delete content.
For me, OneToOneMapping is here to connect a client certificate to an account. That will allow authorization to be managed.
Am I missing something, or misinterpreting the functionality?
Is there a specific log to know if the mapping is successful?
R.L.