Certificate validation failure for device based authentication
05-20-2025 12:48 AM - edited 06-05-2025 11:54 PM
Update: The issue has now been resolved.
Just one user is experiencing the issue.
But another user can connect using the same machine when the other user logs in.
Also, from the login screen, it can connect.
So it mainly breaks when the particular user is logged in.
One error log from Event Viewer:
Function: CCertStore::GetCertificates
File: c:\temp\build\thehoff\vpn\commoncrypt\certificates\certstore.cpp
Line: 225
Ignoring client certificate because it does not contain the required EKU extension. Certificate details:
Store: Microsoft Machine,

06-05-2025 08:25 AM
This does not sound like a Cisco problem? This is a client issue.
My guess is the certificate needed to be in the computer certificate store, but was loaded in a user-specific certificate store.
06-05-2025 11:53 PM
Thank you for the suggestions.
Yes, figured it out.
The app was set to select any certificate, like a client one or a device one, and it was trying to use the user certificate (obviously). The user store had two similar certificates (which is weird), so it was failing as it can't detect which one to use.
We have revoked the cert from the user from AD and republished it; that worked.
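
A way to check for the condition described in this thread, as an added example that is not part of the original posts or of Cisco's tooling: it lists the certificates in the current user's and the machine's personal stores, shows whether each carries the Client Authentication EKU that the log message refers to, and flags stores holding more than one usable certificate with the same subject and issuer. Run it as the affected user; the choice of the two `My` stores and the grouping by subject and issuer are assumptions about what "similar" means here.

```powershell
# Added diagnostic example; run in the affected user's session.
# OID of the Client Authentication EKU (id-kp-clientAuth).
$clientAuthOid = '1.3.6.1.5.5.7.3.2'

# Personal stores for the logged-in user and for the machine (assumed scope).
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'

$candidates = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        # EnhancedKeyUsageList is exposed by the PowerShell certificate provider.
        $ekuOids = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        [pscustomobject]@{
            Store      = $store
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            HasKey     = $_.HasPrivateKey
            ClientAuth = $ekuOids -contains $clientAuthOid
        }
    }
}

# Full inventory: certificates with ClientAuth = False are the ones a client
# that requires the EKU would ignore.
$candidates | Sort-Object Store, Subject |
    Format-Table Store, Subject, Thumbprint, NotAfter, HasKey, ClientAuth -AutoSize

# Ambiguity check: more than one usable client-auth certificate with the same
# subject and issuer in a single store.
$duplicates = $candidates |
    Where-Object { $_.ClientAuth -and $_.HasKey -and $_.NotAfter -gt (Get-Date) } |
    Group-Object Store, Subject, Issuer |
    Where-Object { $_.Count -gt 1 }

if ($duplicates) {
    foreach ($group in $duplicates) {
        Write-Warning "Duplicate candidates: $($group.Name)"
        $group.Group | Format-Table Thumbprint, NotAfter -AutoSize
    }
} else {
    Write-Output 'No duplicate client-auth certificates found in the checked stores.'
}
```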
