Running ePO 5.3.1, currently using Certificate Based Authentication.
When I set this up I had to provide a CA Certificate and a CRL file. I have configured ePO users to use certificate based logins by importing their certs I pulled from AD.
My issue is when I have users who have certs from our other CA, ePO will not recognize them as having a valid cert. Is it possible, or has anyone set up ePO to use multiple CAs, so no matter which CA a user gets their cert from, ePO will see it as being valid?
Going by: "Certificate authentication is more manageable and scalable in large institutions than other forms of authentication because only a small number of CAs (frequently only one) must be trusted." I would say it is possible. Page 47
Yet step 4) ... "Once a file has been applied the prompt changes to Replace current CA certificate." So, does that mean the CA gets replaced over and over for every upload ...
Tested this morning. I provided ePO with my other CA Certificate and the CRL file for that CA, all my certs are issued from CA01 and not from CA02 - immediately get "no valid certificates" - logged back into ePO, loaded up the CA Certificate for CA01 and the CRL list for that CA, and I'm good to log in. So far it seems ePO can only use one CA.