Forum Discussion
Jan Liikamaa
Oct 28, 2025 (Copper Contributor)
Certificate authentication with SID not working
When trying to log in to Windows (against AD) using a certificate with the SID extension present in the certificate, it will not work if the SAN UPN is missing in the certificate. The error message "Y...
- Oct 30, 2025
Yes, this behavior is by design. Windows certificate-based logon requires the Subject Alternative Name (SAN) extension with a valid User Principal Name (UPN) for proper mapping to the AD user account even if the SID extension is present.
Jan Liikamaa
Oct 30, 2025 (Copper Contributor)
Thanks for the clarification! It would be great if Microsoft could update the "Certificate processing logic" flowchart on https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration
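An added example, not part of the thread or of Microsoft's documentation: a PowerShell check that lists, for each certificate in the current user's store, whether the SID extension and a SAN UPN are present, so certificates that would hit the behaviour described in the answer can be found before they are issued to users. The function names are hypothetical, the two OIDs are the Microsoft-assigned values and do not appear in the thread, and the UPN parse assumes short-form DER lengths (a UPN under 126 bytes).

```powershell
# Added example: inspect logon certificates for the SID extension and a SAN UPN.
$SidExtOid = '1.3.6.1.4.1.311.25.2'   # SID security extension (szOID_NTDS_CA_SECURITY_EXT)
$SanOid    = '2.5.29.17'              # Subject Alternative Name
# DER encoding of the UPN otherName type OID 1.3.6.1.4.1.311.20.2.3
$UpnOidDer = [byte[]](0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03)

# Return the index of the first occurrence of $Needle in $Haystack, or -1.
function Find-Bytes([byte[]]$Haystack, [byte[]]$Needle) {
    for ($i = 0; $i -le $Haystack.Length - $Needle.Length; $i++) {
        $match = $true
        for ($j = 0; $j -lt $Needle.Length; $j++) {
            if ($Haystack[$i + $j] -ne $Needle[$j]) { $match = $false; break }
        }
        if ($match) { return $i }
    }
    return -1
}

# Extract the UPN from the SAN otherName entry without relying on localized formatting.
function Get-SanUpn([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    if (-not $san) { return $null }
    $raw = $san.RawData
    $pos = Find-Bytes $raw $UpnOidDer
    if ($pos -lt 0) { return $null }
    # After the OID: [0] EXPLICIT (0xA0, len) wrapping a UTF8String (0x0C, len, value).
    $p = $pos + $UpnOidDer.Length
    if ($raw[$p] -ne 0xA0 -or $raw[$p + 1] -ge 0x80 -or $raw[$p + 2] -ne 0x0C) { return $null }
    $len = $raw[$p + 3]
    if ($len -ge 0x80 -or ($p + 4 + $len) -gt $raw.Length) { return $null }
    return [System.Text.Encoding]::UTF8.GetString($raw, $p + 4, $len)
}

function Test-LogonCertMapping($Cert) {
    $hasSid = [bool]($Cert.Extensions | Where-Object { $_.Oid.Value -eq $SidExtOid })
    $upn    = Get-SanUpn $Cert
    [pscustomobject]@{
        Thumbprint      = $Cert.Thumbprint
        HasSidExtension = $hasSid
        SanUpn          = $upn
        # Case from this thread: SID extension present, SAN UPN missing
        SidWithoutUpn   = ($hasSid -and -not $upn)
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-LogonCertMapping $_ } |
    Format-Table -AutoSize
```

Rows with `SidWithoutUpn` set to `True` are the certificates that match the case reported in this thread.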