Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
efchaves
Explorer

Import the root CA and intermediate CAs for authentication with digital certificate to work

Jump to solution

Hello everybody,

We are trying to enable MFA on the remote VPN. Authentication is currently done through LDAP and works perfectly. We want to enable authentication with digital certificate from an external CA and LDAP username and password. We made the necessary settings informing the LDAP field used to compare with the digital certificate field. We verified in the logs that the field (Subject DN.CN) is correctly extracted from the certificate. However, during client authentication, the following error message is displayed:
"cannot complete certificate chain CN=Brazilian Root Certification Authority v5,OU=National Institute of Information Technology - ITI,O=ICP-Brasil,C=BR"

I would like to know where and how to import the root CA and intermediate CAs.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

You need to create a Certificate Authority object if you haven't already.
In the file you import, you will need to include the entire certificate chain (root plus intermediate ones).

If you've done that already, it's possible you will need to import the root and intermediate certs to the clients themselves.

View solution in original post

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

You need to create a Certificate Authority object if you haven't already.
In the file you import, you will need to include the entire certificate chain (root plus intermediate ones).

If you've done that already, it's possible you will need to import the root and intermediate certs to the clients themselves.

0 Kudos