How can I programmatically configure a virtual directory on IIS 6 to require SSL and client certificates, starting from a point where a suitable certificate is already in the local certificate store but the current website (e.g. Default Web Site) has not been set up to use certificates?
I know how to do this using the inetmgr GUI, but I would like to be able to perform these actions programmatically, preferably from a batch script or a C# program.
I have come across IISCertDeploy.vbs from the IIS 6.0 Resource Kit, but I don't think it meets my needs. If this can be used, then I would appreciate a more helpful example of how to use it than the one it provides.
Update: I have managed to find a solution which works as long as the Default Web Site has an SSL certificate installed. Here is an explanation of my solution for anyone who has a similar problem.
I have written a batch script (included below) which uses Microsoft's adsutil.vbs. I have not managed to programmatically install the certificate against the default website yet, but having that as a manual one-off step is acceptable for now.
@echo off
if [%1]==[] GOTO NOPARAM
echo Setting SSL requirements for virtual directory '%1'
REM Setting: Require Secure Channel (SSL) = true
adsutil.vbs set w3svc/1/root/%1/AccessSSL true
REM Setting: Negotiate client certificates = true (the "require" bit, AccessSSLRequireCert, is set through AccessSSLFlags below)
adsutil.vbs set w3svc/1/root/%1/AccessSSLNegotiateCert true
REM Set required SSL file permission flags
REM (104 -> AccessSSL=8 | AccessSSLNegotiateCert=32 | AccessSSLRequireCert=64)
adsutil.vbs set w3svc/1/root/%1/AccessSSLFlags 104
GOTO END
:NOPARAM
REM Exit if no virtual directory was specified.
echo Error: Expected parameter specifying virtual directory was not defined.
GOTO END
:END
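
The same setting made from C# through the IIS ADSI provider, as an added example that is not part of the original post. It assumes site ID 1 as in the batch script, a reference to System.DirectoryServices, and an administrator account; unlike the script, it ORs the three bits into the existing AccessSSLFlags value instead of overwriting it, then reads the value back to confirm the change.

```csharp
// Added example, not the poster's code. Assumes IIS 6 (or the IIS 6 metabase
// compatibility layer), site ID 1 as in the batch script, and a reference to
// System.DirectoryServices. The class name is hypothetical.
using System;
using System.DirectoryServices;

[Flags]
enum AccessSslFlags
{
    AccessSSL = 8,               // require a secure channel
    AccessSSLNegotiateCert = 32, // ask the client for a certificate
    AccessSSLRequireCert = 64    // refuse clients that present none
}

static class RequireClientCerts
{
    const AccessSslFlags Required = AccessSslFlags.AccessSSL
        | AccessSslFlags.AccessSSLNegotiateCert
        | AccessSslFlags.AccessSSLRequireCert; // = 104

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("Usage: RequireClientCerts <virtual-directory>");
            return 1;
        }
        string path = "IIS://localhost/W3SVC/1/Root/" + args[0];
        if (!DirectoryEntry.Exists(path))
        {
            Console.Error.WriteLine("Not found: " + path);
            return 2;
        }
        using (DirectoryEntry vdir = new DirectoryEntry(path))
        {
            // OR the bits in so flags already set (e.g. 128-bit SSL) are kept.
            int current = Convert.ToInt32(vdir.Properties["AccessSSLFlags"].Value ?? 0);
            vdir.Properties["AccessSSLFlags"].Value = current | (int)Required;
            vdir.CommitChanges();

            // Re-read from the metabase and confirm all three bits stuck.
            vdir.RefreshCache();
            var now = (AccessSslFlags)Convert.ToInt32(vdir.Properties["AccessSSLFlags"].Value);
            Console.WriteLine("{0}: AccessSSLFlags = {1} ({2})", path, (int)now, now);
            return (now & Required) == Required ? 0 : 3;
        }
    }
}
```

A non-zero exit code lets a deployment script stop when the directory was not found or the flags did not persist.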