Certificate errors in Conditional Access for Applications

In this topic, you will learn how to troubleshoot the most common problems with certificates used for Portnox Conditional Access to Applications and accessed by web browsers.

Symptom Cause Solutions
The browser informs that there is no certificate or the certificate is invalid The browser still has an old certificate cached (this is the most common cause). Fully restart the browser. Close all browser windows and wait at least a few seconds before restarting the browser. If this does not help, use your operating system’s task management to kill all browser tasks.
AgentP is not installed and enrolled. Install AgentP and enroll the user that you want to access the application.
The user enrolled in AgentP and the user accessing the application are different. Check that the user enrolled in AgentP is the same user as in the application (the same email address). If not, unenroll AgentP and enroll it again with the correct user.
The browser is not supported. In rare cases, the browser has no access to the certificates in the operating system, and you cannot use such browsers with Conditional Access. Known unsupported browsers: All browsers on iOS except Safari, Firefox on Android, Opera Mini on Android. Use a supported browser to access the applications.
The stored certificate choices are incorrect (Microsoft Edge only). Reset certificate choices in Microsoft Edge. Click on the lock symbol to the left of the address bar. Select: Your certificate choices > Reset certificate choices > Reset choices. Restart Microsoft Edge.
Certificate is invalid after installing Avast Antivirus on macOS

During the installation of the Avast Antivirus on macOS, Avast requires you to allow it to make changes to the system’s trusted certificate settings. This invalidates the Conditional Access certificates. This step is not optional in Avast and cannot be skipped during installation.

Use another antivirus solution. We tested Bitdefender and Malwarebytes and found that neither of them causes such problems. Avast takes over control of system certificates and unenrolling and enrolling AgentP does not solve the problem. There is no known workaround.