Secure Mobile Access 12.4 Administration Guide

Are Intermediate Certificates supported for End-User Certificate Verification?

Yes, intermediate certificates are supported for end user certificate verification. This covers PKI and LDAP certificate methods. This allows an intermediate certifying authority to be imported to validate a certificate chain, without requiring trust of the root certifying authority.

A client machine can use a client certificate that was issued by an intermediate certifying authority. When such a client certificate is imported directly on Windows 10, the client certificate is stored in the personal store, the intermediate certificate is imported to the intermediate CA store, and the root CA certificate is imported to the root CA store. This is the recommended method, and the certificates will work with tunnel clients and ExtraWeb clients using PKI authentication. If all three certificates are stored in the personal store, which can happen if certmgr.msc is used to import the client certificate, then Connect Tunnel may display an error and deny access. This is not a recommended configuration.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.