• State Not Answered
  • Replies 3 replies
  • Subscribers 65 subscribers
  • Views 250 views
  • Users 0 members are here
Options
Related

WS-Federation authentication with Certificate chain validation.

leandro venega
2 months ago

Hello,

Has anyone encountered this error when configuring WS-Federation authentication with Azure? This error appears whenever I check Certificate chain validation.

The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=accounts.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

Parents
  • 0 2 months ago

    I haven't experienced the issue in Active Roles Azure setup, but for sure I've had cert chains fail due to intermediate certs being expired or revoked.   The answer is there - replace the cert or skip the validation.  Typically, if an intermediate cert expires or is revoked, the CA can re-sign the cert from a trusted CA to re-establish the trusted chain of authority.  So it will likely still be the same cert in terms of crypto keys, etc., but with additional CA signatures on it.  

  • 0 2 months ago in reply to jraines

    Good morning,

    Thank you for your reply.

    I unchecked the option, it is working normally, it is the third client that I have configured and left unchecked.

    I was unable to identify which certificate it is complaining about. Is the ARS certificate valid, are the certificates in the chain valid too, or would it be another certificate?

Reply
  • 0 2 months ago in reply to jraines

    Good morning,

    Thank you for your reply.

    I unchecked the option, it is working normally, it is the third client that I have configured and left unchecked.

    I was unable to identify which certificate it is complaining about. Is the ARS certificate valid, are the certificates in the chain valid too, or would it be another certificate?

Children
No Data