Can't access computer certificates

  • Question

  • We installed ADFS on a Windows Server 2016. We added an MFA method called Mobile ID. To access the MobileID website, a client certificate is needed that is installed under Personal Certificates, Local Computer.

    We could install the certificate with its private key. We also added the permission on the private key for the ADFS service account. But when we access the ADFS test page and choose MobileID as authentication, the system cannot find the MobileID certificate. I also added the ADFS service user to the local Administrators group of the server, without success. I have been checking all permissions for two days and I can't find any error. Also, the ADFS SSO is working well. But when trying to use the MobileID solution, an error message appears. On the ADFS server I then have an Event Log entry 364: System.Exception: No valid SSL client cert found.

    To check if the MobileID certificate works, I have a test URL. When accessing it, the browser should ask which certificate I would like to use for authentication. I cannot choose the certificate to access the website when it is installed as a local machine certificate. When I install the same certificate in the user certificate store, the test URL works fine. But I need it under the local computer certificates.

    Does anyone have an idea what could cause this error? Thank you.

    Wednesday, May 23, 2018 7:12 AM

Answers

  • I found the error in the meantime. MobileID has a configuration file with the Cert Thumbprint to use for client authentication. It seems that the thumbprint is case sensitive. After writing the thumbprint with uppercase letters, everything is working fine.
    • Marked as answer by M.Weissbach Wednesday, May 23, 2018 7:49 AM
    Wednesday, May 23, 2018 7:49 AM
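
An added example, not part of the original thread or of the MobileID product: a PowerShell check that normalizes a thumbprint taken from a configuration file to uppercase hex and confirms that a matching certificate with a private key exists in the local computer's Personal store. The parameter name `ConfiguredThumbprint` is an assumption; the script does not read the MobileID configuration file itself.

```powershell
# Added example: validate a configured client-certificate thumbprint
# against Cert:\LocalMachine\My. Save as a .ps1 and pass the configured value.
param(
    [Parameter(Mandatory)]
    [string]$ConfiguredThumbprint   # hypothetical parameter: the value as written in the config file
)

# Keep only hex digits. This drops spaces and invisible characters that can be
# picked up when copying a thumbprint from the certificate dialog.
$normalized = ($ConfiguredThumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()

if ($normalized.Length -ne 40) {
    Write-Warning "Expected 40 hex characters (SHA-1 thumbprint), got $($normalized.Length)."
}

# -cne is a case-sensitive comparison, so lowercase input is reported here.
if ($ConfiguredThumbprint -cne $normalized) {
    Write-Warning 'Configured value differs from the normalized form; a case-sensitive consumer would not match it.'
    Write-Output  "Normalized value: $normalized"
}

# The certificate provider exposes Thumbprint as uppercase hex without separators.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $normalized }

if (-not $cert) {
    Write-Error "No certificate with thumbprint $normalized in Cert:\LocalMachine\My."
    return
}

$now           = Get-Date
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$ekuOids       = $cert.EnhancedKeyUsageList.ObjectId

[pscustomobject]@{
    Subject        = $cert.Subject
    Thumbprint     = $cert.Thumbprint
    HasPrivateKey  = $cert.HasPrivateKey
    WithinValidity = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
    # A certificate with no EKU extension is not restricted to specific usages.
    ClientAuthEku  = (-not $ekuOids) -or ($ekuOids -contains $clientAuthOid)
}
```

Run it in an elevated session on the ADFS server; it does not inspect the private-key ACL, so the service account's read permission still has to be checked separately.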