This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 75%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hello all.
I've followed instructions to set up windows event forwarding to a remote collector using HTTPS (since the collector is a non-domain machine). Everything seems to work great, except in the case where the forwarder (client) has an existing client certificate in the certificate store that is also allowed to be used for client authentication (seems even if it is not named using the machine's FQDN). For instance -- if I have a Certificate Authority installed on the machine and the CA certificate is in the certificate store, and it's marked as available for all purposes, the client certificate I generated specifically for use for the WinRM / WEF setup doesn't necessarily get used to authenticate to the remote WEC. Is there a way to configure a thumbprint of the certificate that should be used in this case?
Thanks in advance.
Kendal
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 21%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hi, I just found this question after days and days of searching. I have EXACTLY the same problem and the same scenario.
Has Microsoft released any solution for this?
If my server only has ONE certificate, it works, but as soon as I implement this config on a server with severals certifiactes in the 'Personal' store, it breaks down. :/
I have never seen a soution for the problem. We've always seemed to work around it by finding servers it works on and rebuilding others until it works, unfortunately.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 40%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMX%3C/text%3E%3C/svg%3E)
I think the issue is the same here : https://learn.microsoft.com/en-us/answers/questions/1185804/(bug-)-how-to-specify-client-certificate-used-for?page=1&orderby=Helpful#answers
It select the certificate with the highest thumbprint. So a partial solution seems to be to renew the certificate till the thumbprint is the highest of all the certificates.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 7.000000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
@MORAND Xavier it certainly explains how it works and why it happens, which is very useful.
Unfortunately for those of us who have/had environments where (through no choice of ours) there isn't a unified approach to certification it wouldn't stop the issue from occurring - so if you've got a happily working environment but then another team or organisation rolls out an updated cert with a blank subject, which could have a thumbprint which causes us an issue.
Oh, that's really interesting. Thanks for sharing, I hadn't run across that information before.