Dilemma: We have Comodo certs for our users, but the only thing missing from the certificate is the Principal Username, so I can't use it to authenticate my users. I don't want to reissue all the certificates as that would be too costly.
So I tried using multiple certificates. I set up a GPO to enroll my machines and users. That works. I set up a Certificate Authentication Profile, source sequence, condition, etc. Created my policies, and everything worked as it should using the certs published internally.
Issue: When I used a test user (myself) who has 2 certificates, the authentication fails. BUT it doesn't fail all the time! I have 2 PCs running the same build, in the same switch on different ports. I can log in successfully on one, but not the other. I've removed the Comodo certificates and both PCs authenticate fine. I put them back on and I get the same results. I've been reading that if ISE gets multiple certificates it does a search and takes the good one. I don't see why this would work for one PC, and not the other.
Version: 1.2.0.899
Patch Information: 2
I'm opening a TAC case, but curious to know what others think.