Revoked user cert still able to sign on

  • Question

  • I have ADFS installed on Server 2016 along with a WAP in a DMZ that links to said ADFS.
    End goal is to set up certificate authentication.

    After configuring ADFS to allow this it works great, that is until I started to test what happens when I revoke a cert.
    Well, nothing really happens: the cert is revoked but can still access ADFS sign-in with said cert.

    So I exported the cert and ran "CertUtil -verify test.cer" against it on both the WAP and ADFS server; both came back saying Revoked.

    Am I missing something here? Surely if the cert is revoked I shouldn't be able to sign on to ADFS.

    Any help would be much appreciated.

    Thursday, February 14, 2019 1:28 AM
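The check the poster ran with "CertUtil -verify" can be reproduced from PowerShell so the revocation result is machine-readable and the failure mode (revocation servers unreachable from the WAP/ADFS host) is distinguished from a clean pass. This is an added example, not code from the thread; it assumes a PEM/DER export of the user certificate at a path you supply, and the trailing comment assumes the ADFS property name `ClientCertRevocationCheck`, which you should confirm against `Get-AdfsProperties` output on your own server.

```powershell
using namespace System.Security.Cryptography.X509Certificates

function Test-ClientCertRevocation {
    [CmdletBinding()]
    param(
        # Path to the exported client certificate, e.g. .\test.cer
        [Parameter(Mandatory)][string]$CerPath
    )

    $cert  = [X509Certificate2]::new($CerPath)
    $chain = [X509Chain]::new()

    # Force a live CRL/OCSP lookup for every certificate in the chain.
    # A cached-only or "no check" policy is exactly what lets a revoked
    # client certificate keep authenticating.
    $chain.ChainPolicy.RevocationMode      = [X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag      = [X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

    $valid  = $chain.Build($cert)
    $status = @($chain.ChainStatus)

    # Separate "the CA says it is revoked" from "I could not ask the CA";
    # the second case is reported by the chain engine as RevocationStatusUnknown
    # and/or OfflineRevocation and must not be treated as a pass.
    $revoked = [bool]($status | Where-Object {
        $_.Status.HasFlag([X509ChainStatusFlags]::Revoked) })
    $unknown = [bool]($status | Where-Object {
        $_.Status.HasFlag([X509ChainStatusFlags]::RevocationStatusUnknown) -or
        $_.Status.HasFlag([X509ChainStatusFlags]::OfflineRevocation) })

    [pscustomobject]@{
        Subject           = $cert.Subject
        Thumbprint        = $cert.Thumbprint
        ChainValid        = $valid
        Revoked           = $revoked
        RevocationUnknown = $unknown
        Details           = ($status | ForEach-Object {
            "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
    }
}

# Example call (constructed path):
# Test-ClientCertRevocation -CerPath .\test.cer
#
# Compare the result with what the federation service itself is configured
# to do (assumed property name; verify it in Get-AdfsProperties output):
# Get-AdfsProperties | Select-Object ClientCertRevocationCheck
```

Run it on both the WAP and the ADFS server, as the poster did with CertUtil, since the two hosts can have different network paths to the CRL/OCSP endpoints.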

All replies

  • Hello,

    There are 3 certificates on ADFS: token signing, token decryption and service communication. Which one did you revoke?

    Can you also elaborate what you are trying to achieve here?


    Isaac Oben MCITP:EA, MCSE, MCC. View my MCP Certifications: https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard

    Friday, February 15, 2019 7:49 AM
  • Thanks for your reply,

    This was a client user certificate used for signing into ADFS.

    Friday, February 15, 2019 9:39 AM