We have 1 root server and 2 intermediate servers. We have been having issues where every year, when it's time to renew user and computer certs issued from the intermediate servers, they do not renew properly even when it looks like everything should be good. GPO is set to renew, and new users are getting certs issued at initial login, but this morning any users whose certs expired yesterday were unable to log in to the Wi-Fi or VPN until I turned on the root CA; then everything began to work. I am getting the error:

The client certificate for the user SCCUSINC\username is not valid, and resulted in a failed smartcard logon. Please contact the user for more information about the certificate they're attempting to use for smartcard logon. The chain status was : A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Has anyone had similar certificate issues?
This is a really complex subject with little to go on in your post. If you have to turn the root CA on then what is it doing that resolves the problem? Is it updating a CDP or AIA? Is a certificate getting renewed on the intermediate servers? There’s just not enough information here to even make a guess. WHAT have you tried to troubleshoot? – Appleoddity Oct 19 '22 at 03:08