The certificate's CN name does not match the passed value

Sam Na 46 Reputation points
2022-02-06T19:10:46.153+00:00

Hi,

We noticed some issues when it comes to EAP-TLS communications and when we ran the Powershell command "Get-ChildItem -Path Cert:\localMachine\My | Test-Certificate -Policy SSL -DNSName "dns=contoso.com" on the client computer, the computer certificate showed " The certificate's CN name does not match the passed value " error.

The subject certificate was issued by Certificate Authority using the computer template.

Not sure where to look for exactly as the certificate shows the CN as the DNS name of the PC that seems to be correct.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Server | User experience | PowerShell
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Rich Matheisen 47,901 Reputation points
    2022-02-06T20:41:58.673+00:00

    What's in the subject alternative name on the certificate?

    From the help for Test-Certificate:

    If the DNSName parameter is used, then the DNS subject alternative name is used to verify SSL policy.


  2. Vadims Podāns 9,186 Reputation points MVP
    2022-02-07T11:08:00.547+00:00

    The certificate's CN name does not match the passed value " error.

    that's because client certificate is not valid/responsible for entire domain, it is valid for particular client host only.

    not sure why Microsoft's example shows a dns=contosoc.com!!!

    because it is an example. You have to insert your desired name which matches the client host FQDN.

    This means that your issues with RADIUS lie elsewhere. It would be better if you start a new thread and provide RADIUS configuration and relevant logs with error. Either, client and/or RADIUS certificate fails validation.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.