If you're using certificate authentication from the extranet, ensure that at least one Authority Information Access (AIA) and at least one CRL distribution point (CDP) or Online Certificate Status Protocol (OCSP) location from the list specified in your certificates are accessible from the internet.

If you're using AD FS in alternate certificate authentication mode, ensure that your AD FS and WAP servers have Secure Sockets Layer (SSL) certificates that contain the AD FS hostname prefixed with "certauth." An example is certauth.fs. Also ensure that traffic to this hostname is allowed through the firewall.

Ensure that the root certificate of the chain of trust for your user certificates is in the NTAuth store in Active Directory.

Ensure that your user certificate trust chain is installed and trusted by all AD FS and Web Application Proxy (WAP) servers, including any intermediate certificate authorities. You usually do this via Group Policy Object (GPO) on AD FS and WAP servers.

Determine the mode of AD FS user certificate authentication that you want to enable by using one of the modes described in AD FS support for alternate hostname binding for certificate authentication.

Users are using certificates provisioned to mobile devices.
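The "certauth." SAN requirement and the AIA/CDP/OCSP reachability requirement above can be checked with a short script. This is an added example, not code from the original page or from Microsoft; the function names, host name and file paths are hypothetical, and the text matching assumes English-language Windows output from `X509Extension.Format()`.

```powershell
# Added example: function names, host name and paths are placeholders (assumptions).
function Get-ExtensionUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Oid)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $Oid }
    if (-not $ext) { return }
    # Format() renders the extension as text on Windows; pull the HTTP(S) URLs out.
    # LDAP locations are skipped because they are not published to the internet.
    [regex]::Matches($ext.Format($true), 'https?://[^\s,)]+') | ForEach-Object { $_.Value }
}

function Test-UrlReachable {
    param([string]$Url)
    try {
        Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10 | Out-Null
        return $true
    } catch {
        # An HTTP error status (common for a bare GET to an OCSP responder) still
        # proves the host answered; no response object means it was unreachable.
        return ($null -ne $_.Exception.Response)
    }
}

function Test-CertAuthPrerequisite {
    param([string]$AdfsHostName, [string]$SslCertPath, [string]$UserCertPath)
    $ssl  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $SslCertPath
    $user = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $UserCertPath

    # Alternate mode: the SSL certificate needs an exact certauth.<host> SAN entry.
    $san    = $ssl.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $wanted = 'DNS Name=' + [regex]::Escape("certauth.$AdfsHostName") + '(\s|,|$)'
    $hasSan = [bool]($san -and $san.Format($true) -match $wanted)
    [pscustomobject]@{ Check = 'certauth SAN present'; Target = $SslCertPath; Passed = $hasSan }

    # Extranet: list every AIA (CA issuer and OCSP) and CDP URL in the user
    # certificate and probe it. At least one of each kind must pass.
    $sources = [ordered]@{ 'AIA' = '1.3.6.1.5.5.7.1.1'; 'CDP' = '2.5.29.31' }
    foreach ($name in $sources.Keys) {
        foreach ($url in Get-ExtensionUrl -Cert $user -Oid $sources[$name]) {
            [pscustomobject]@{ Check = "$name URL reachable"; Target = $url
                               Passed = Test-UrlReachable $url }
        }
    }
}

# Run from a host outside the corporate network, for example:
# Test-CertAuthPrerequisite -AdfsHostName 'fs.example.test' `
#     -SslCertPath 'C:\temp\adfs-ssl.cer' -UserCertPath 'C:\temp\user.cer'
```

A certificate with no HTTP(S) AIA or CDP entries produces no reachability rows at all, which is itself a finding for extranet certificate authentication.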