Forum Discussion

gd-29's avatar
gd-29
Brass Contributor
Aug 12, 2019

Valid Client Certificate Setup

How do you get valid client certificate to work?  What i have so far.  1. CA with Intermediate, User Certificate Template cloned for this purpose 2. Issued a cert to my domain desktop and IOS devi...
Cloud App Security
rajatm's avatar
rajatm
Former Employee
Apr 20, 2020

rodrigobe are you importing the cert on the client in the current user's personal store? that's where the cert needs to be on the machine and it also needs to have a private key. Once you have configured a session/access policy to check for a valid client cert, you should be prompted to select one from this store when you browse to app you configured in the policy

 

ataviste's avatar
ataviste
Copper Contributor
Apr 21, 2020

Hello,

 

Sorry to resurrect this thread.

 

I'm also trying to get a client-certificate based condtional access session policy to work in MCAS.

 

I can get the browser to prompt for the certificate I issued, but it never accepts it and access is always blocked. I'm sure the issuing CA chain is correct and configured in MCAS, but MCAS just doesn't like any certificate I issue from the CA.

 

Has anybody managed to get this to work?

 

Thanks,

Antony

  • gd-29's avatar
    gd-29
    Brass Contributor
    Apr 21, 2020

    ataviste did you try just the root CA or a combination of root and intermediate uploaded?

    i forgot what was recommended by support when i was trying.

    • ataviste's avatar
      ataviste
      Copper Contributor
      Apr 21, 2020

      gd-29 

       

      Hi,

       

      I uploaded the root and intermediate CA as two separate PEM files in MCAS