Score:0

Certificate Server Issues

in flag

We have 1 root server and 2 intermediate servers. We have been having issues where every year when it's time to renew user and computer certs issued from the intermediate servers, they do not renew properly even when it looks like everything should be good. GPO is set to renew, new users are getting certs issued at initial log in but this morning any users, whos certs expired yesterday were unable to log in to the Wi-Fi or vpn until I turned on the root CA, then everything began to work. I am getting the error: The client certificate for the user SCCUSINC\username is not valid, and resulted in a failed smartcard logon. Please contact the user for more information about the certificate they're attempting to use for smartcard logon. The chain status was : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Has anyone had similar certificate issues?

Appleoddity avatar
ng flag
This is a really complex subject with little to go on in your post. If you have to turn the root CA on then what is it doing that resolves the problem? Is it updating a CDP or AIA? Is a certificate getting renewed on the intermediate servers? There’s just not enough information here to even make a guess. WHAT have you tried to troubleshoot?
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.