search cancel

Smart Card authentication to the Endpoint Protection Manager console fails with certificate validation error

book

Article ID: 174663

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When attempting to login to the Endpoint Protection Manager (SEPM) console or remote console, the login fails with the following error:

"An error occurred while validating the certificate for your login request. Please try logging-in again and if the error persists, please contact the administrator."

scm-ui-2019-05-07-11-24-11-011.err
May 7, 2019 11:33:42 AM  STDERR: com.sygate.scm.console.util.ConsoleException: An error occurred while validating the certificate for your login request. Please try logging-in again and if the error persists, please contact the administrator.  [0x14010000]
May 7, 2019 11:33:42 AM  STDERR:     at com.sygate.scm.console.ui.LoginPanel.login(LoginPanel.java:1105)
May 7, 2019 11:33:42 AM  STDERR:     at com.sygate.scm.console.ui.LoginPanel$7$1.construct(LoginPanel.java:718)
May 7, 2019 11:33:42 AM  STDERR:     at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:153)
May 7, 2019 11:33:42 AM  STDERR:     at java.lang.Thread.run(Unknown Source)

Cause

This error occurs when the certificate path for the user's smart card certificate cannot be validated. 

Resolution

Ensure that the certificates listed in smartcard.pem (\SEPM dir\apache\conf\ssl) have the correct path to the user's certificate.  For example, if a user's certificate path is user.cer > intermediate1.cer > intermediate2.cer > root.cer, then smartcard.pem should only include the following certificates in base64 format:

smartcard.pem
-----BEGIN CERTIFICATE-----
intermediate1.cer base64 text
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate2.cer base64 text
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root.cer base64 text
-----END CERTIFICATE-----