Valid Client Certificate Setup

How do you get a valid client certificate to work?

What I have so far:

1. CA with intermediate; User certificate template cloned for this purpose

2. Issued a cert to my domain desktop and iOS device

3. Enabled a Conditional Access policy for a custom MCAS policy

4. Root and intermediate cert uploaded to MCAS

5. MCAS policy to block if there is no valid client certificate.


The block works; I get the "test block" message. But I can't get the client certificate prompt, or figure out why it won't prompt for a certificate.

My end goal is to test valid client certificate against a few third-party iOS apps where the device certificate/standard device compliance checkbox doesn't work in Conditional Access.

Thank you for your reply!
I was trying to use a certificate in the local machine store, not in the current user store. Now I changed the CA certificate for the one that I have in my current user store, and it's working!

Thanks again.

That's a great find, and a cert location we rarely use.

I need to re-test now.

My second pain point with Conditional Access was getting it to work with native apps on mobile/iOS.

You seemed to be at the mercy of the app developer to support certificates.

Unfortunately, that's correct. Some apps are just not designed to honor a cert check; there is no way to control their access with cert-based identification.

Can this be a private certificate?

Yes, I'm using an internal CA.

The problem with an internal CA is revocation, unless you publish your CRL to the internet. If you had to revoke without a published CRL, you would have to pull the root cert and remove access for everyone.
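An added diagnostic for the two points raised in this thread (the certificate living in the current-user rather than local-machine store, and an internal CA whose CRL is not reachable); this is example code written here, not from any reply or from Microsoft. It assumes it runs in PowerShell on the Windows desktop that holds the client certificate; it lists Client Authentication certificates in both personal stores and builds each chain with online revocation checking, so an unreachable internal CRL shows up as a chain status instead of an unexplained block.

```powershell
# Constructed example: enumerate Client Authentication certs in the user and
# machine personal stores and verify each chain with online revocation checking.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-ClientAuthCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'       # fetch the CRL from the cert's CDP URL
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'  # the root has no CRL of its own
    $chain.ChainPolicy.ApplicationPolicy.Add((New-Object System.Security.Cryptography.Oid $clientAuthOid)) | Out-Null

    $ok = $chain.Build($Cert)
    # OfflineRevocation / RevocationStatusUnknown here mean the CRL could not be
    # fetched, which is the unpublished-CRL problem described in the reply above.
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    $chain.Dispose()

    [pscustomobject]@{
        Subject     = $Cert.Subject
        Thumbprint  = $Cert.Thumbprint
        HasKey      = $Cert.HasPrivateKey   # a cert without its private key cannot answer a TLS prompt
        ChainOk     = $ok
        ChainStatus = if ($status) { $status } else { 'NoError' }
    }
}

# Check both stores: the thread shows only the CurrentUser store satisfied the prompt.
$results = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem $store -ErrorAction SilentlyContinue |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid } |
        ForEach-Object {
            Test-ClientAuthCert -Cert $_ |
                Add-Member -NotePropertyName Store -NotePropertyValue $store -PassThru
        }
}

$results | Format-Table Store, Subject, HasKey, ChainOk, ChainStatus -AutoSize
```

A row with ChainOk false and a RevocationStatusUnknown or OfflineRevocation status points at the CRL distribution point being unreachable from that machine rather than at the certificate itself.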
Will this work with a public certificate from someone like GoDaddy or Entrust, or do I have to use an internal or managed PKI solution like SecureW2? My Mac devices are not domain-joined in any way, so my understanding is that internal would not work.