support/entra/entra-id/app-integration/error-code-aadsts50017-certificate-based-authentication-failed.md
3 additions & 3 deletions
@@ -3,7 +3,7 @@ title: Error AADSTS50017 - Validation of Given Certificate for Certificate-Based
3
3
description: Provides solutions to the Microsoft Entra authentication AADSTS50017 error that occurs when you access an application or resource with certificate-based authentication (CBA).
4
4
ms.reviewer: laks, joaos, willfid, v-weizhu
5
5
ms.service: entra-id
6
-
ms.date: 02/20/2025
6
+
ms.date: 02/24/2025
7
7
ms.custom: sap:Issues Signing In to Applications
8
8
---
9
9
# Error AADSTS50017 - Validation of given certificate for certificate-based authentication failed
@@ -29,7 +29,7 @@ To resolve this issue, follow these steps:
29
29
30
30
1. Check if issuing certificate is correctly uploaded to the trusted certificate list.
31
31
32
-
A certificate chain consists of multiple certificates linked together. The end-user's certificate can be issued by a root CA or a non-root CA (intermediate CA). If you have a non-root issuing CA (intermediate CA), both intermediate and root CA certificates must be uploaded to the Microsoft Entra CA trusted store.
32
+
A certificate chain consists of multiple certificates linked together. The enduser's certificate can be issued by a root CA or a non-root CA (intermediate CA). If you have a non-root issuing CA (intermediate CA), both intermediate and root CA certificates must be uploaded to the Microsoft Entra CA trusted store.
33
33
34
34
2. Check the SKI value of your certificate and confirm if the AKI value matches any intermediate or root CA certificate that's uploaded to the trusted store.
35
35
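Review bot: "enduser's" on the added line of step 1 is not a standard spelling and reads as a typo; the noun form is two words, so the sentence should start "The end user's certificate can be issued by ...". In the unchanged step 2 below it, "Check the SKI value of your certificate and confirm if the AKI value matches" does not say which certificate's AKI is compared with which certificate's SKI; since chain building matches the AKI of the issued certificate to the SKI of its issuer, spelling that out would keep readers from comparing the wrong pair.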
@@ -51,7 +51,7 @@ If any certificates in the certificate chain are missing valid extension identif
51
51
52
52
To resolve this error, validate the certificate policy extensions for all certificates within the certificate chain, including user certificates, intermediate CA certificates, and the root CA certificate. Ensure that the certificate policy extension and its Object Identifiers (OIDs) are consistent and valid across the entire chain.
53
53
54
-
To verify the policy OIDs for consistency and validity, retrieve the relevant certificates in chain and validate them as shown below:
54
+
To verify the policy OIDs for consistency and validity, retrieve the relevant certificates in chain and validate them as follows:
55
55
56
56
:::image type="content" source="media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-policies.png" alt-text="Screenshot that shows certificate policies." lightbox="media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-policies.png":::
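Review bot: the added line still reads "retrieve the relevant certificates in chain", which is missing the article ("in the chain"), and "as follows" is followed only by a screenshot, so the reader gets no steps for retrieving the certificates or for what to compare between them. Suggest a short numbered procedure before the image that names the field to inspect (the certificate policies extension and its OIDs) on the user, intermediate CA and root CA certificates, so the guidance does not depend on the image alone.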