Forum Discussion
Conditional Access using certificate from Internal PKI
Schebby The redirect is the path appended by the MCAS reverse proxy. So, depending on your region (mine is EU), the URL looks like this, and you can see it in the address bar when MCAS adds it when visiting the address under certificate control.
eu.access-control.cas.ms
So you add, for example, *.eu.access-control.cas.ms to the trusted sites zone. And yes, you enable the setting in that zone for "do not prompt for a cert".
Kevin Spreadbury I figured it out (with help from support)! It wasn't trusted sites or AutoSelectCertificateForUrls (on Chrome/Edge (Chromium) side) at all (although I had already set that per your guidance). It was that I didn't have a client cert in the local user cert store. Apparently, (on Win10 at least) the browsers won't look in the local machine cert store for client (identity) certs. I wasn't being prompted because nothing was available for the browsers to show. Once I added a cert to the local user cert store, it immediately started prompting (and working).
Hope this helps others...
- Kevin Spreadbury, May 04, 2020, Brass Contributor
Schebby Hi, yes, correct, hence my comment above: it needs to be a user certificate and not a machine certificate. You'll also need to ensure the certificate is not exportable by the user, of course.
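
A way to check both points raised in the thread on a Windows client, added here as an example and not posted by either participant: it lists certificates with the Client Authentication EKU and a private key in the user and machine stores, and reports whether each key is exportable. The function names `Test-KeyExportable` and `Get-ClientAuthCert` are made up for this sketch, and only RSA keys are inspected (other key types show a blank `Exportable` value).

```powershell
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-KeyExportable {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Returns $true/$false, or $null if the key is not RSA or cannot be opened
    # (reading LocalMachine keys usually needs an elevated session).
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            $policy = $rsa.Key.ExportPolicy
            return ($policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowExport) -or
                    $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport))
        }
        if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            return $rsa.CspKeyContainerInfo.Exportable
        }
    } catch { }
    return $null
}

function Get-ClientAuthCert {
    param([string]$StorePath)
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        if (-not $cert.HasPrivateKey) { continue }
        # Only certificates that explicitly carry the Client Authentication EKU are listed.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $clientAuthOid) { continue }
        [pscustomobject]@{
            Store      = $StorePath
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Exportable = Test-KeyExportable -Cert $cert
        }
    }
}

$user    = @(Get-ClientAuthCert 'Cert:\CurrentUser\My')
$machine = @(Get-ClientAuthCert 'Cert:\LocalMachine\My')
($user + $machine) | Format-Table -AutoSize

if ($user.Count -eq 0) {
    Write-Warning 'No client-auth certificate with a private key in CurrentUser\My (the store the thread says the browser needs).'
}
$user | Where-Object { $_.Exportable } | ForEach-Object {
    Write-Warning "Private key is exportable by the user: $($_.Thumbprint)"
}
```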