This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 54%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHH%3C/text%3E%3C/svg%3E)
Have a ces/ cep server with two ces cep instances.
Username/password keybased renewal allowed
Certificatebased renewalonly
The gpo sets an order of certificate based as default and username password as second
The initial request happens via username password. When the certificate is issued and installed, i test the renewal winch happens perfectly via the certificate based policy.
When i delete the policycache, the renewal breaks ( acquired as silent error) and starts asking for credentials again. So it works as expected as long as the policycache is there which contains the cached password i guess. The cache is only valid for 8 h
Need a situation in which without cache the certificate is used for authentication. Anybody knows how to realize this?
Have already read most articles mentioning the same issue.
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
When you delete the policy cache, Azure AD Conditional Access policies are re-evaluated, and if the certificate-based policy is not met (e.g., because the certificate-based policy might have conditions or requirements that are not met at that moment), Azure AD falls back to other available methods, such as username/password.