WS-Federation authentication with Certificate chain validation.

Hello,

Has anyone encountered this error when configuring WS-Federation authentication with Azure? This error appears whenever I check Certificate chain validation.

The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=accounts.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

  • I haven't experienced the issue in Active Roles Azure setup, but for sure I've had cert chains fail due to intermediate certs being expired or revoked. The answer is there - replace the cert or skip the validation. Typically, if an intermediate cert expires or is revoked, the CA can re-sign the cert from a trusted CA to re-establish the trusted chain of authority. So it will likely still be the same cert in terms of crypto keys, etc., but with additional CA signatures on it.
