question

1 Vote
DavidWerner-9111 asked SoutarSteven-8763 commented

Certificate is not valid - Issuer: MS-Organization-Access

Hi,

On several Servers, I have certificates where the certificates are listed as:

Issued to: 0882ac7e-3ff6-4231-a45b-5a654aa4303f

Issued by: MS-Organization-Access

SCOM reports these as "Certificate is invalid".

Chain Details:
--- Certificate Status ---
PartialChain: A certificate chain could not be built to a trusted root authority.


Are these certificates actually invalid and can be removed?

Also, can someone explain where or how these certificates are generated and by whom?

Thank you,

David


windows-server windows-server-security

1 Vote
Crypt32 answered

This certificate comes from ADFS and is automatically generated. You can safely skip this error. You can delete it, but next time you sign in with ADFS, it will be generated again. In other words, it is expected behavior and by design.


1 Vote
DavidWerner-9111 answered Crypt32 commented

Hi Crypt32,

Could you explain how this certificate is generated?

The server is a Windows 2016 server and has SQL on it plus a few small applications.

How could I find out who/when/how this certificate is generated?

david



The certificate is generated when someone uses Azure AD or another federated service (such as Office 365) via ADFS to log in to a computer or web site.

1 Vote 1 ·

Hello,
Now, I don't use a federated service, and I have Office 2016, but I also have the same certificate.

0 Votes 0 ·
Crypt32 SoulaimanZaitouni-0760 ·

If the certificate continues to show up, then there is some application that uses federated services (such as Office 365).

0 Votes 0 ·
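
For the "who/when/how" question above, a read-only inventory of these certificates is a useful first step. The following is an added example, not code from any poster in this thread; the variable `$issuerName` and the helper `Get-ChainStatus` are hypothetical names introduced here, and the issuer string is the one quoted in the question.

```powershell
# Added example: inventory certificates issued by "MS-Organization-Access".
# Read-only: nothing is deleted or modified.
$issuerName = 'MS-Organization-Access'   # issuer string quoted in the question

function Get-ChainStatus {
    # Hypothetical helper: builds the chain and returns its status flags as text.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the result reflects trust-chain building only.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($Certificate)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $chain.Reset()
    if ($status.Count -eq 0) { 'NoError' } else { $status -join ', ' }
}

# Walk every store the current account can see (CurrentUser and LocalMachine).
Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Issuer -like "*$issuerName*"
    } |
    ForEach-Object {
        [pscustomobject]@{
            Store         = $_.PSParentPath -replace '^.*::', ''  # e.g. LocalMachine\My
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotBefore     = $_.NotBefore      # when the certificate became valid
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            ChainStatus   = Get-ChainStatus -Certificate $_
        }
    } |
    Sort-Object Store, NotBefore |
    Format-Table -AutoSize
```

`NotBefore` shows when each certificate was issued, and the `ChainStatus` column shows the same kind of chain-building result that the monitoring tool reports (for example `PartialChain`). The `CurrentUser` stores of other accounts are not visible from this session, so run it under each account of interest.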
0 Votes
KKlouzal-6117 answered

This certificate started showing up on client endpoints after integrating AD FS Device Registration. We are trying to use it in conjunction with AD FS Certificate Authentication; however, since the clients don't trust these certificates, they fail during authentication. What needs to be done for clients to trust these certs?


0 Votes
SoutarSteven-8763 answered SoutarSteven-8763 commented

I have started seeing this exact same type of untrusted certificate, from a 3rd party cloud service which was presenting a valid certificate yesterday.

What is being done to mitigate this "working as designed" feature & prevent us all from having to teach end users to ignore security warnings on internet services?

193172-image.png




In this instance it is possible that a 10-year lifespan for this certificate is also being rejected - but I cannot see a complete certificate chain being presented here - just an end-user cert with no valid domain information.

0 Votes 0 ·