Forum Discussion
Valid Client Certificate Setup
gd-29, did you get any feedback on this? I have exactly the same issue.
rodrigobe, are you importing the cert on the client in the current user's personal store? That's where the cert needs to be on the machine, and it also needs to have a private key. Once you have configured a session/access policy to check for a valid client cert, you should be prompted to select one from this store when you browse to the app you configured in the policy.
- rodrigobe, Apr 22, 2020, Copper Contributor
Thank you for your reply!
I was trying to use a certificate in local machine, not in the current user. Now I changed the CA certificate for the one that I have on my current user and it's working!
Thanks again.
- gd-29, Apr 22, 2020, Brass Contributor
That's a great find, and a cert location we rarely use.
I need to re-test now.
My second pain point with conditional access was getting it to work with native apps on mobile/iOS.
You seemed to be at the mercy of the app developer to support certificates.
- rajatm, Apr 22, 2020, Copper Contributor
Unfortunately that's correct. Some apps are just not designed to honor a cert check. No way to control their access with cert-based identification.
- ataviste, Apr 21, 2020, Copper Contributor
Hi, I added the client certificate's PFX to the Current User Cert Store (in Personal Certificates), and the cert is still not accepted by MCAS as a valid client certificate.
- ataviste, Apr 21, 2020, Copper Contributor
Hello,
Sorry to resurrect this thread.
I'm also trying to get a client-certificate based conditional access session policy to work in MCAS.
I can get the browser to prompt for the certificate I issued, but it never accepts it and access is always blocked. I'm sure the issuing CA chain is correct and configured in MCAS, but MCAS just doesn't like any certificate I issue from the CA.
Has anybody managed to get this to work?
Thanks,
Antony
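
A read-only check for the two conditions named in this thread (certificate in the current user's Personal store, with a private key), added here as an example and not posted by any participant. It assumes Windows PowerShell on the client; the validity-period and Client Authentication EKU columns are general client-certificate checks added as assumptions, not requirements stated in the thread, and the function name is hypothetical.

```powershell
# Added diagnostic sketch (not from the thread). Lists certificates only; changes nothing.
function Get-ClientCertCandidate {
    param(
        # Current user's Personal store (where the thread says the cert must live)
        # and the local machine store (where one poster had placed it by mistake).
        [string[]]$StorePath = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # standard Client Authentication EKU OID
    $now = Get-Date

    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
            $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

            # An empty EKU list means the certificate is not restricted by purpose.
            $clientAuth  = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $clientAuthOid)
            $inValidity  = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
            $inUserStore = $path -like 'Cert:\CurrentUser\*'

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                InValidity    = $inValidity      # assumption: general check
                ClientAuthEku = $clientAuth      # assumption: general check
                # Thread criteria (user store + private key) plus the two general checks.
                Candidate     = $inUserStore -and $cert.HasPrivateKey -and
                                $inValidity -and $clientAuth
            }
        }
    }
}

# Show every certificate in both stores, likely candidates first.
Get-ClientCertCandidate |
    Sort-Object -Property Candidate -Descending |
    Format-Table Store, Subject, Issuer, HasPrivateKey, InValidity, ClientAuthEku, Candidate -AutoSize
```

A certificate that shows up only under `Cert:\LocalMachine\My`, or with `HasPrivateKey` false, matches the misconfiguration described earlier in the thread; the `Issuer` column can be compared against the CA chain uploaded to the policy.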