Getting The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people sto

vishal patil asked on March 13, 2024 19:25

This is the process we are currently following to use single sign-on authentication using Azure AD claims-based authentication from Kentico settings.

The certificate which we are using is secured and licensed; it is present in Manage Computer Certificate --> Trusted People.

Claims-based authentication process we are following:

Identity provider URL: https://login.microsoftonline.com/clientid/wsfed --> clientId we have generated through the Azure portal

Security Realm: https://example.portal.com/

Allowed Audience URL: https://example.portal.com/

Trusted Certificate Thumb Print:

For generating the thumbprint we are following this process:

1. https://login.microsoftonline.com/clientid/federationmetadata/2007-06/federationmetadata.xml --> pasting this URL in the browser and, by using a SAML tool, we are trying to generate the thumbprint; this thumbprint we are using in this path: Trusted Certificate Thumb Print

(or)

Do we need to use the thumbprint from the certificate configuration?

Certificate Validator: Chain trust (under Manage Computer Certificate --> Trusted People, so using this as referred from the Kentico documentation https://docs.kentico.com/k10/managing-users/user-registration-and-authentication/claims-based-authentication)

When we use this we are getting this error, with Certificate Validator as Chain Trust:

The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store. The X.509 certificate CN=accounts.accesscontrol.windows.net chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

When checked with Certificate Validator as None, getting this error:

IssuerNameRegistry.GetIssuerName]: Untrusted certificate.

When checked with Certificate Validator as Peer Trust, getting this error:

The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store.

Can you please suggest where we are going wrong and which certificate needs to be imported and where? Or is there any alternative way we can do the integration?
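
The thumbprint step described in the question, as an added example that is not part of the original post or of Kentico's code: the thumbprint Windows shows for a certificate is the SHA-1 hash of its DER encoding, so it can be computed from each `X509Certificate` element of a saved federationmetadata.xml and compared with the configured value. The sample metadata and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import string
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"  # XML-DSig namespace of X509Certificate

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
# Constructed, simplified metadata document; a real one is saved from the
# tenant's federationmetadata.xml URL.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sts.example.invalid/">
  <RoleDescriptor>
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {b64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
  </RoleDescriptor>
</EntityDescriptor>""".format(b64=base64.b64encode(SAMPLE_DER).decode())


def metadata_thumbprints(xml_text):
    """SHA-1 thumbprints (uppercase hex) of every certificate in the metadata."""
    root = ET.fromstring(xml_text)  # parse only metadata fetched over HTTPS from the IdP
    found = []
    for el in root.iter("{%s}X509Certificate" % DS_NS):
        der = base64.b64decode("".join((el.text or "").split()))  # strip line wraps
        thumbprint = hashlib.sha1(der).hexdigest().upper()
        if thumbprint not in found:  # the same cert often appears more than once
            found.append(thumbprint)
    return found


def normalize_thumbprint(value):
    """Keep hex digits only: drops spaces, colons and invisible characters such
    as U+200E that can be copied along from the certificate dialog."""
    return "".join(ch for ch in value if ch in string.hexdigits).upper()


def thumbprint_in_metadata(configured, xml_text):
    """True when the configured thumbprint matches a certificate in the metadata."""
    return normalize_thumbprint(configured) in metadata_thumbprints(xml_text)


if __name__ == "__main__":
    for tp in metadata_thumbprints(SAMPLE_METADATA):
        print(tp)
```
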

Recent Answers


Juraj Ondrus answered on March 14, 2024 08:33

I would recommend reaching out to Azure AD support and checking with them why your X.509 certificate is not trusted. This is not a Kentico issue.

1 vote

vishal patil answered on March 22, 2024 09:36

Thanks Juraj for the response. Based on your suggestions, we reached out to the Azure AD Support team; they checked and added the certificate in Trusted Root Certification Authorities.

After that we tried to log in to the application and observed that after authentication the application is continuously going in a loop and redirecting with the same blank page, and it is not redirecting to the home page.
Also, after checking the error log, we are now not getting the error below:

The X.509 certificate CN=accounts.accesscontrol.windows.net is not in the trusted people store.

But we are facing the loop issue.

Can you please suggest what could be causing the issue?
0 votes