For Client Certificate Authentication, will IIS validate certificate when accept vs require is selected for Client certificates?

Question

I was hoping to get clarification on a previously answered question here. I interpret the statement "If you configured IIS to demand..." to say, IIS will not verify certificate validity unless if you've selected "accept" for client certificates.
Is this correct?

score 0 · Answer 1 · answered Aug 19 '20 at 18:19

Yes. If web site is not configured to accept or require client certificates, they are ignored (if still provided by client) and are not validated. If website is configured to Accept or Require client certificate, then it is validated according to validation rules when presented.

score 0 · Answer 2 · answered Aug 20 '20 at 09:32

Accept will take a certificate if it's presented, but will also continue with connections where the client doesn't present one. Require only continues with connections that have a client certificate.so to validate certificate use Require.

Refer to the below link for how to configure client certificate authentication.

https://learn.microsoft.com/en-us/archive/blogs/asiatech/how-to-configure-iis-client-certificate-mapping-authentication-for-iis7

For Client Certificate Authentication, will IIS validate certificate when accept vs require is selected for Client certificates?

2 Answers2