Are Intermediate Certificates supported for End-User Certificate Verification?
Yes, intermediate certificates are supported for end user certificate verification. This covers PKI and LDAP
certificate methods. This allows an intermediate certifying authority to be imported to validate a certificate
chain, without requiring trust of the root certifying authority.
A client machine can use a client certificate that was issued by an intermediate certifying authority. When such
a client certificate is imported directly on Windows 10, the client certificate is stored in the personal store, the
intermediate certificate is imported to the intermediate CA store, and the root CA certificate is imported to the
root CA store. This is the recommended method, and the certificates will work with tunnel clients and ExtraWeb
clients using PKI authentication. If all three certificates are stored in the personal store, which can happen if
certmgr.msc is used to import the client certificate, then Connect Tunnel may display an error and deny access.
This is not a recommended configuration.
Was This Article Helpful?
Help us to improve our support portal