Forum Discussion
gd-29
Aug 12, 2019 Brass Contributor
Valid Client Certificate Setup
How do you get a valid client certificate to work? What I have so far: 1. CA with Intermediate, User Certificate Template cloned for this purpose 2. Issued a cert to my domain desktop and iOS devi...
rajatm
Apr 20, 2020 Former Employee
rodrigobe, are you importing the cert on the client in the current user's personal store? That's where the cert needs to be on the machine, and it also needs to have a private key. Once you have configured a session/access policy to check for a valid client cert, you should be prompted to select one from this store when you browse to the app you configured in the policy.
ataviste
Apr 21, 2020 Copper Contributor
Hi, I added the client certificate's PFX to the Current User Cert Store (in Personal Certificates), and the cert is still not accepted by MCAS as a valid client certificate.
- rajatm Apr 21, 2020 Former Employee
- ataviste Apr 21, 2020 Copper Contributor
Hi,
Yes, I imported a PFX, and the "You have a private key that corresponds to this certificate" message is present. The cert usage is client authentication.
- rajatm Apr 21, 2020 Former Employee
Is the CA reachable over the internet for a CRL check? If not, you may want to test by disabling the CRL check option in the CAS portal settings, right under where you upload the root cert.
Also, just to understand the behavior: you are prompted for the cert and presented a list box, you select one, and then does the page fail to load? Or does it load but block activities configured in the policy as if the cert is not valid?
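
The checks raised in this thread (cert in the current user's Personal store, private key present, client authentication usage, where the CRL is published) can be run in one pass on the Windows client. This PowerShell is an added example, not part of the original thread or of any Microsoft tooling; the variable names and the choice to list only HTTP(S) CRL URLs are assumptions made here.

```powershell
# Added example: audit client-auth candidates in the current user's Personal store.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # standard Client Authentication EKU OID
$crlDpOid      = '2.5.29.31'           # standard CRL Distribution Points extension OID
$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Enhanced Key Usage: an absent extension means the cert is valid for all purposes.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $clientAuth = (-not $ekuExt) -or
        (@($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $clientAuthOid)

    # CRL distribution points: pull HTTP(S) URLs out of the formatted extension text.
    $crlExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $crlDpOid }
    $crlUrls = @()
    if ($crlExt) {
        $crlUrls = @([regex]::Matches($crlExt.Format($false), 'https?://[^\s,)]+') |
            ForEach-Object { $_.Value })
    }

    # One record per certificate, covering each point asked about in the thread.
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ClientAuthEku = $clientAuth
        InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        HttpCrlUrls   = $crlUrls -join '; '
    }
} | Format-List
```

A certificate that fits what the thread describes shows `HasPrivateKey` and `ClientAuthEku` as `True`; an empty `HttpCrlUrls`, or URLs on a host that is not reachable from the internet, is the situation the CRL question above is probing.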