This metabase identifier contains flags that specify Secure Socket Layer (SSL) permissions attributes for a resource.
| Data type | DWORD |
| Default inheritance | Inheritable |
| User type | IIS_MD_UT_FILE |
| Constant | Value | Description |
| MD_ACCESS_SSL | 0x00000008 | SSL permissions required |
| MD_ACCESS_NEGO_CERT | 0x00000020 | Client certificate optional |
| MD_ACCESS_REQUIRE_CERT | 0x00000040 | Client certificate required |
| MD_ACCESS_MAP_CERT | 0x00000080 | Server will map client certificate to Microsoft® Windows NT® account |
| MD_ACCESS_SSL128 | 0x00000100 | SSL permissions, with 128-bit key, required |
This identifier is available at the following metabase keys:
| Metabase Path | Key Type |
| /LM/W3SVC | IIsWebService |
| /LM/W3SVC/n | IIsWebServer |
| /LM/W3SVC/n/ROOT | IIsWebVirtualDir |
| /LM/W3SVC/n/ROOT/WebVirtualDir | IIsWebVirtualDir |
| /LM/W3SVC/n/ROOT/WebVirtualDir/WebDirectory | IIsWebDirectory |
| /LM/W3SVC/n/ROOT/WebVirtualDir/WebDirectory/WebFile | IIsWebFile |
If the MD_ACCESS_NEGO_CERT bit is set, and the MD_ACCESS_REQUIRE_CERT bit is unset, the server will request a certificate from the client. If the client is unable to provide the correct, or any, certificate, the connection is nonetheless maintained. However, if both of these bits are set, then the connection will be terminated if the client is unable to provide the correct certificate. Note that if MD_ACCESS_NEGO_CERT is unset, the server will not request a certificate, no matter what the setting of MD_ACCESS_REQUIRE_CERT. Also note that some browsers, including some versions of Internet Explorer, will terminate the connection if they are unable to provide the correct certificate, regardless of the setting of the MD_ACCESS_REQUIRE_CERT bit.