Client Certificates and new last name

Akin 61 Reputation points

We require user certificate for pre-auth for our VPN solution. Our User certificate have UPN as SAN. When last name changes and UPN change, it seem users cannot connect back to VPN.

Anyone have insight into this? How can we reissue new cert (when still connected?) New cert do not auto issue with cerutil -pulse

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,321 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,682 questions
{count} votes

Accepted answer
  1. Hannah Xiong 6,221 Reputation points


    Thank you so much for posting here.

    Have we tried to request a new certificate via certificate MMC?

    Did we configure the user certificate auto-enrollment? To delete the old user certificate in the personal store, we could try the below command:

    Certutil -delstore -user MY <certificate name>


    For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful