I had originally posted this question on securitystackexchange, but I didn't get the answer I was expecting, and I see the topic can also fit here.
I need to connect two servers in different locations so that one of them (Linux stack) issues periodic HTTP requests to the other (Windows stack, Windows Server 2008 R2) using cron-based jobs.
On the Windows machine, I am going to set up IIS with a self-signed certificate to authenticate to the client (by pinning the certificate) and to encrypt the connection over SSL.
I am also going to configure IIS to request a client certificate in order to authenticate the Linux server. I have gone through a tutorial on configuring certificate authentication, which involves mapping the certificate to a user account.
I am not happy with the idea of having a user account created for a remote server, because I wouldn't like anyone logging into the (Windows) server with that account.
With this in mind:
1) Do I really need to create a user on the Windows server to enable client certificate authorization?
2) If I really need to create an account on the Windows machine, what do I need to set so that this user cannot log into the Windows server, nor do anything else but authenticate itself to IIS?
Note: The active-directory tag was added by @Lex Li. I will leave it, but I understand (and I may be wrong) that there are security concerns about having Active Directory on Internet-facing servers.
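As an added example that is not part of the question (and not taken from the tutorial it mentions), the following PowerShell sets up on Windows Server 2008 R2 / IIS 7.5 what the question describes: SSL with a required client certificate, the one-to-one certificate-to-account mapping of the IIS Client Certificate Mapping Authentication feature, and logon-right restrictions on the mapped account. The site name, account name, password, certificate path and the temp-file names are assumptions for illustration; the choice of which logon types to deny is also an assumption (IIS still has to log the mapped account on to impersonate it, so confirm with a test request from the Linux box that the mapping still works after the rights are applied).

```powershell
# Added example, not the question's or any tutorial's code. Run in an elevated
# PowerShell session on the IIS host. All names, paths and the password below
# are assumptions; replace them with your own.
$site      = 'Default Web Site'                # assumed site name
$user      = 'svc-linuxjob'                    # assumed local account name
$password  = 'Use-A-Long-Random-Secret-Here'   # assumed; generate a real one
$clientCer = 'C:\certs\linux-client.cer'       # assumed path; DER-encoded client cert

# 1. Install the IIS Client Certificate Mapping Authentication feature
#    (the IIS-native mapping, not the Active Directory one, Web-Client-Auth).
Import-Module ServerManager
Add-WindowsFeature Web-Cert-Auth | Out-Null

# 2. Create the local account the certificate will be mapped to. The stored
#    mapping holds this password, so do not let it expire or be changed.
net user $user $password /add /passwordchg:no /expires:never | Out-Null

# 3. Deny the account interactive, RDP, batch and service logons (assumption:
#    the logon IIS performs for the mapping is not one of these). Note that
#    secedit /configure REPLACES the membership of each right listed here.
$sid = (New-Object System.Security.Principal.NTAccount($user)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value
$inf = @'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeDenyInteractiveLogonRight = *__SID__
SeDenyRemoteInteractiveLogonRight = *__SID__
SeDenyBatchLogonRight = *__SID__
SeDenyServiceLogonRight = *__SID__
'@ -replace '__SID__', $sid
$infPath = Join-Path $env:TEMP 'deny-logon.inf'   # assumed temp file names
$dbPath  = Join-Path $env:TEMP 'deny-logon.sdb'
$inf | Set-Content -Path $infPath -Encoding Unicode
secedit /configure /db $dbPath /cfg $infPath /areas USER_RIGHTS | Out-Null

# 4. Require SSL and a client certificate on the site.
Import-Module WebAdministration
$appHost = 'MACHINE/WEBROOT/APPHOST'
Set-WebConfigurationProperty -PSPath $appHost -Location $site `
    -Filter 'system.webServer/security/access' -Name sslFlags `
    -Value 'Ssl, SslNegotiateCert, SslRequireCert'

# 5. Enable IIS certificate mapping, one-to-one only, and add the mapping
#    from the Linux client's certificate to the account created above.
$auth = 'system.webServer/security/authentication/iisClientCertificateMappingAuthentication'
Set-WebConfigurationProperty -PSPath $appHost -Location $site -Filter $auth -Name enabled -Value 'True'
Set-WebConfigurationProperty -PSPath $appHost -Location $site -Filter $auth -Name oneToOneCertificateMappingsEnabled -Value 'True'
Set-WebConfigurationProperty -PSPath $appHost -Location $site -Filter $auth -Name manyToOneCertificateMappingsEnabled -Value 'False'
$certBase64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($clientCer))
Add-WebConfigurationProperty -PSPath $appHost -Location $site -Filter "$auth/oneToOneMappings" -Name '.' `
    -Value @{ enabled = 'True'; userName = $user; password = $password; certificate = $certBase64 }

# 6. Turn off anonymous access so every request must carry the mapped certificate.
Set-WebConfigurationProperty -PSPath $appHost -Location $site `
    -Filter 'system.webServer/security/authentication/anonymousAuthentication' -Name enabled -Value 'False'

# 7. Read the mapping back; it lives in applicationHost.config under the site's <location>.
Get-WebConfiguration -PSPath $appHost -Location $site -Filter "$auth/oneToOneMappings/add" |
    Select-Object userName, enabled
```

A request that presents the mapped certificate runs with the identity of that account, so the account needs no more than NTFS read access to the site content the Linux job actually calls; everything else it could reach on the host is attack surface if the client key is ever stolen.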