Forum Discussion
Conditional Access using certificate from Internal PKI
Kevin Spreadbury I figured it out (with help from support)! It wasn't trusted sites or AutoSelectCertificateForUrls (on the Chrome/Edge (Chromium) side) at all (although I had already set that per your guidance). It was that I didn't have a client cert in the local user cert store. Apparently (on Win10 at least), the browsers won't look in the local machine cert store for client (identity) certs. I wasn't being prompted because nothing was available for the browsers to show. Once I added a cert to the local user cert store, it immediately started prompting (and working).
Hope this helps others...
Schebby Hi, yes, correct, hence my comment above: it needs to be a user certificate and not a machine certificate. You'll also need to ensure the certificate is not exportable by the user, of course.
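
A way to check both points from this thread on a Windows client, as an added PowerShell example that is not part of either post: it lists unexpired certificates usable for client authentication in the user and machine personal stores and reports whether each private key is exportable. The function names `Test-ClientAuthEku` and `Get-KeyExportability` are hypothetical helpers defined here.

```powershell
# Added example (not from the thread): where are the client-auth certs, and can the key be exported?
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-ClientAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $eku) { return $true }    # no EKU extension: certificate is not purpose-restricted
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
}

function Get-KeyExportability {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return 'NoPrivateKey' }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            # CNG key: export policy is a flags enum; either export flag means the user can take the key
            $allow = [System.Security.Cryptography.CngExportPolicies]'AllowExport, AllowPlaintextExport'
            if ($rsa.Key.ExportPolicy -band $allow) { return 'Exportable' }
            return 'NonExportable'
        }
        if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CSP key
            if ($rsa.CspKeyContainerInfo.Exportable) { return 'Exportable' }
            return 'NonExportable'
        }
    } catch { }
    return 'Unknown'    # non-RSA key, or key not readable by this account
}

foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem -Path $store |
        Where-Object { (Test-ClientAuthEku $_) -and $_.NotAfter -gt (Get-Date) } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                PrivateKey = Get-KeyExportability $_
            }
        }
}
```

A certificate that appears only under `Cert:\LocalMachine\My` matches the situation described above, where the browser had nothing to offer; a `CurrentUser` row reporting `Exportable` is the case the last reply says to avoid.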