Choose the Machine Authentication Certificate

Hi,

We wanted to test the new Machine Authentication feature of the Windows VPN clients.
We are currently facing the problem that we get one certificate enrolled by default by our AD, and we have the certificate to authenticate our client. The problem is that the VPN client tries to use the auto-enrolled one, but it doesn't work. If we delete it, it is functioning.

Is there a method to choose which one will be used?

Accepted Solutions
Admin
I checked with the relevant R&D owners.
The certificate that is used is the one that has the latest "Not After (Date)."
There isn't a way to choose it otherwise.

View solution in original post
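
One way to check which certificate a client will pick under the rule in the accepted answer, as an added PowerShell example that is not part of the thread and not vendor code. It assumes the client reads the `LocalMachine\My` store and considers only currently valid client-authentication certificates with a private key; `$ExpectedIssuer` is a placeholder for your own CA name.

```powershell
# Added example (not vendor code). Assumptions: the VPN client reads the
# LocalMachine\My store and considers only valid client-auth certificates.
param(
    # Placeholder: part of the issuer name of the CA that issues the VPN certificate.
    [string]$ExpectedIssuer = 'CN=<your-vpn-issuing-ca>'
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

function Test-ClientAuthEku($Cert) {
    $eku = $Cert.Extensions | Where-Object { $_ -is $ekuType }
    if (-not $eku) { return $true }    # no EKU extension: valid for any purpose
    return ($eku.EnhancedKeyUsages.Value -contains $clientAuthOid)
}

$now = Get-Date
# Sort newest expiry first: per the accepted answer, the top entry is the one used.
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        (Test-ClientAuthEku $_)
    } |
    Sort-Object -Property NotAfter -Descending)

if ($candidates.Count -eq 0) {
    Write-Warning 'No usable machine certificate found in LocalMachine\My.'
    return
}

$selected = $candidates[0]
$candidates | ForEach-Object {
    [pscustomobject]@{
        Selected   = ($_.Thumbprint -eq $selected.Thumbprint)
        NotAfter   = $_.NotAfter
        Issuer     = $_.Issuer
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        ExpectedCA = ($_.Issuer -like "*$ExpectedIssuer*")
    }
} | Format-Table -AutoSize

if ($selected.Issuer -notlike "*$ExpectedIssuer*") {
    Write-Warning 'The certificate with the latest NotAfter was not issued by the expected CA.'
}
```

Run it on an affected client with `-ExpectedIssuer` set to part of your VPN CA's issuer name; the row marked `Selected` is the certificate that the accepted answer says the client will use.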

5 Replies
Explorer
Thank you.
That is unfortunate. It would be great if we had the option to do that, or at least to choose from which CA it will be used, so we could guarantee that it would use the right one.
Participant

Hi PhoneBoy,

Regarding the Machine Cert solution you described, I have a few questions:

When we implement Machine Cert, is it possible at the same time for some LDAP AD users, for example in a specific group or OU, to use just AD user pass authentication without Machine Cert?

When we implement Machine Cert, are we able to authenticate with a mobile device (Android, iOS, etc.) with the endpoint client using the same AD user for which machine cert is mandatory?

When we use AD + machine cert auth, is it possible at the same time for some users to use locally defined (in SMS) user+cert+pass endpoint authentication?

If the answers to these questions are yes, can all of this function at the same time?

Employee+

Hi @Milan_Jovanovic ,

It is not possible to exclude usage of the machine certificate for some group of users.

Your other two questions require clarification. Please describe what you would like to use in both cases.

Participant

Thank you AndreiR.

The second question is about how the machine certificate works with mobile devices (Android, iOS) which are not domain computers. Can we authenticate on those devices with an AD user?

Third question: when we set up and use machine authentication for our LDAP users, can we create local users on SMS with pass and cert for external people who don't have an AD account, and use them for authentication for endpoint VPN access?
