Certificate errors in Zero Trust Network Access
In this topic, you will learn how to troubleshoot the most common problems with certificates used for Portnox Zero Trust Network Access and accessed by web browsers.
| Symptom | Cause | Solutions |
|---|---|---|
| The browser informs that there is no certificate or the certificate is invalid | The browser still has an old certificate cached (this is the most common cause). | Fully restart the browser. Close all browser windows and wait at least a few seconds before restarting the browser. If this does not help, use your operating system’s task management to kill all browser tasks. |
| AgentP is not installed and enrolled, and the device is not managed by Intune or Jamf or does not have a Portnox SCEP certificate. | Install AgentP and enroll the user that you want to access the application or configure the device to be managed by Intune or Jamf and to request a SCEP certificate from Portnox Cloud. | |
| The user enrolled in Intune/Jamf/AgentP and the user accessing the application are different. | Check that the enrolled user is the same user as in the application (the same email address). | |
| The device is managed using a different Intune/Jamf tenant than the Intune/Jamf tenant that is integrated with Portnox Cloud. | If your organization uses multiple Intune/Jamf tenants, make sure that the tenant that the device is enrolled with is the same tenant that is integrated in Portnox Cloud. | |
| The browser is not supported. | In rare cases, the browser has no access to the certificates in the operating system, and you cannot use such browsers with Zero Trust Network Access. Known unsupported browsers: All browsers on iOS except Safari, Firefox on Android, Opera Mini on Android. Use a supported browser to access the applications. | |
| The certificate that you need is in the Computer Store (Windows only). | Windows browsers only access certificates that are in the User Store. | |
| The stored certificate choices are incorrect (Microsoft Edge only). | Reset certificate choices in Microsoft Edge. Click on the lock symbol to the left of the address bar. Select: Your certificate choices > Reset certificate choices > Reset choices. Restart Microsoft Edge. | |
| Certificate is invalid after installing Avast Antivirus on macOS | During the installation of the Avast Antivirus on macOS, Avast requires you to allow it to make changes to the system’s trusted certificate settings. This invalidates the Zero Trust Network Access certificates. This step is not optional in Avast and cannot be skipped during installation. |
Use another antivirus solution. We tested Bitdefender and Malwarebytes and found that neither of them causes such problems. Avast takes over control of system certificates and unenrolling and enrolling AgentP does not solve the problem. There is no known workaround. |