azure login certificate validation failed

Question

azure login certificate validation failed

Dave Murray 0

Trying to use two azure logins I now cannot access one due to the following error - certificate validation failed

Navya 19,875 Reputation points Microsoft External Staff Moderator

2025-05-20T14:16:09.0266667+00:00
Hi Dave Murray

To better understand the issue, could you please provide more details? How are you accessing Azure through a browser or PowerShell? When exactly does the error occur during login or while switching between accounts?

Could you please check the following steps:

Please verify that the certificate and the issuing certificate authority’s root certificates are installed on your device.

Check if Microsoft Entra ID is correctly configured for certificate-based authentication.

Switching between two Azure accounts might cause token or session conflicts. Try clearing your browser cookies or sign out of all sessions and sign in again with the desired account.
Dave Murray 0 Reputation points

2025-05-20T15:47:55.5433333+00:00

My colleague is attempting to access via a browser.

Try clearing your browser cookies or sign out of all sessions and sign in again with the desired account.

We have tried this and even using a different browser.

"verify that the certificate and the issuing certificate authority’s root certificates are installed on your device."
-- how do i do this (on a mac?)

"Check if Microsoft Entra ID is correctly configured for certificate-based authentication"
-- is this a per user setting? other users are not having this problem
Navya 19,875 Reputation points Microsoft External Staff Moderator

2025-05-20T17:50:16.8133333+00:00

Hi Dave Murray

Certificate-based authentication (CBA) in Microsoft Entra ID is not configured per user; it is enabled tenant-wide.

Since the issue is occurring for only one user, it is likely specific to that user’s configuration or device.

Could you please provide the sign-in logs for the affected user? You can refer to this article for instructions: sign-in-logs

Also, I’ve requested some additional information from you via private messages. Could you please take a moment to check and respond?
Navya 19,875 Reputation points Microsoft External Staff Moderator

2025-05-21T12:34:44.8366667+00:00

Hello @Dave Murray,

Following up to see if the above information was helpful or if you were able to resolve this issue? And, if you have any further query do let us know.
PRATIK JADHAV 165 Reputation points Microsoft External Staff Moderator

2025-05-21T13:24:14.66+00:00

Hello @Dave Murray,

I just wanted to follow up and see if you had a chance to review above response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.
SrideviM 5,630 Reputation points Microsoft External Staff Moderator

2025-05-22T03:31:39.7+00:00

Hello Dave Murray,

Just checking in to see if you had a chance to review the suggestions shared by Raja Pothuraju earlier. Were you able to check the certificate-based authentication and conditional access settings for the affected user? Let us know if the issue persists.

1 answer

Your answer

Navya 19,875 Reputation points Microsoft External Staff Moderator

2025-05-20T14:16:09.0266667+00:00

Hi Dave Murray

To better understand the issue, could you please provide more details? How are you accessing Azure through a browser or PowerShell? When exactly does the error occur during login or while switching between accounts?

Could you please check the following steps:

Please verify that the certificate and the issuing certificate authority’s root certificates are installed on your device.

Check if Microsoft Entra ID is correctly configured for certificate-based authentication.

Switching between two Azure accounts might cause token or session conflicts. Try clearing your browser cookies or sign out of all sessions and sign in again with the desired account.
Dave Murray 0 Reputation points

2025-05-20T15:47:55.5433333+00:00

My colleague is attempting to access via a browser.

Try clearing your browser cookies or sign out of all sessions and sign in again with the desired account.

We have tried this and even using a different browser.

"verify that the certificate and the issuing certificate authority’s root certificates are installed on your device."
-- how do i do this (on a mac?)

"Check if Microsoft Entra ID is correctly configured for certificate-based authentication"
-- is this a per user setting? other users are not having this problem
Navya 19,875 Reputation points Microsoft External Staff Moderator

2025-05-20T17:50:16.8133333+00:00

Hi Dave Murray

Certificate-based authentication (CBA) in Microsoft Entra ID is not configured per user; it is enabled tenant-wide.

Since the issue is occurring for only one user, it is likely specific to that user’s configuration or device.

Could you please provide the sign-in logs for the affected user? You can refer to this article for instructions: sign-in-logs

Also, I’ve requested some additional information from you via private messages. Could you please take a moment to check and respond?
Navya 19,875 Reputation points Microsoft External Staff Moderator

2025-05-21T12:34:44.8366667+00:00

Hello @Dave Murray,

Following up to see if the above information was helpful or if you were able to resolve this issue? And, if you have any further query do let us know.
PRATIK JADHAV 165 Reputation points Microsoft External Staff Moderator

2025-05-21T13:24:14.66+00:00

Hello @Dave Murray,

I just wanted to follow up and see if you had a chance to review above response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.
SrideviM 5,630 Reputation points Microsoft External Staff Moderator

2025-05-22T03:31:39.7+00:00

Hello Dave Murray,

Just checking in to see if you had a chance to review the suggestions shared by Raja Pothuraju earlier. Were you able to check the certificate-based authentication and conditional access settings for the affected user? Let us know if the issue persists.

Answer 1

Hello @Dave Murray,

The "certificate validation failed" error typically occurs when the user is enabled for the Certificate-based Authentication (CBA) method in the tenant or when a Conditional Access policy is configured to require CBA exclusively. Please refer to the screenshot below so we're on the same page.

User's image

Based on your description, it appears that you haven’t explicitly enabled CBA for any users in the tenant, but your colleague is still encountering this issue.

There are two areas we need to verify:

Authentication Methods Policy Please check whether the CBA method is enabled in your tenant and if any users are included in that policy. You can navigate to: Microsoft Entra ID → Security → Authentication methods → Certificate-based Authentication

If CBA is in use, try disabling it for troubleshooting purposes.

User's image

Conditional Access Policies Review the Conditional Access policies applied to the user's account and check whether any policy is configured with “Require authentication strength” as a grant control. If such a configuration exists and includes a requirement for CBA, it could explain the issue.

User's image

Please verify the above steps. If the user is not targeted by either of these configurations and is still encountering the certificate validation error, we can investigate this further offline.

Share via

azure login certificate validation failed

1 answer

Your answer