cancel
Showing results for 
Search instead for 
Did you mean: 
brianp
Level 7
Report Inappropriate Content
Message 1 of 5

PKI Authentication

I am trying to configure my ePO server to accept smart card login. I have performed the following steps thus far:

-- Menu -> Server Settings -> Certificate Based Authentication -> Edit

-- Under second field, uploaded root CA pkcs7 certificate file

-- Checked "enable certificate based authentication"

-- Restart Server

-- Menu -> Users -> <user> -> Actions -> Edit

-- Changed Authentication type from "Windows Authentication" to "Certificate Based Authentication"

-- Loaded user certificate that chains back to root CA from above

After all of these steps were completed, I open the ePO console from a web browser (Edge, FF, Chrome, and IE tried) and am prompted for my smart card and PIN. I enter my PIN, and it seems to accept it -- however, I am deposited on the login screen rather than being signed in to the dashboard. Because I have CBA enabled for the user, I am unable to login with traditional credentials. I have tried this with several different test users, and different combinations of certificates. Please advise!

4 Replies

Re: PKI Authentication

There is no Checkbox below the password that with "Use Certificate"?

cdinet McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 5

Re: PKI Authentication

Remote into the epo server and use localhost in the url for the browser, and you should be able to log in without cert auth.  Then go through the steps again to see if there was something missed.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: PKI Authentication

I was able to configure Certificate base authentication but I being ask to put the PIN almost every time the page refreshes. 

cdinet McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: PKI Authentication

Under server settings, user session, change the default session timeout.  I believe the highest you can go is 1440, but you can try higher if you want.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community