DC 1 EST Enrollments via Client auth cert generated in Account Manager

Solution ID : SO140322171311
Last Modified : 11/21/2023

Scenario

When testing IOT Enrollment with EST using the client auth certificate generated in Account Manager, enrollments will fail.

You can verify the error using Postman.

When the client auth cert is configured in Postman, either in PFX format or by uploading the cert's .crt and .key files, the request fails with the following error:

{
    "errors": [
        {
            "code": "access_denied",
            "message": "No authentication provided. Please use passcode or client certificate authentication"
        }
    ]
}

Solution

For EST enrollments, you cannot use the client auth cert from the Account Manager.

When creating an authentication CA Template for the enrollment profile in use, under Enrollment configurations in IOT Manager, upload a CA, select the option "Allow all certificates from this CA to be used as authentication credentials in this enrollment profile.", and then Save when adding a certificate issued under the uploaded CA and the certificate's associated private key.

After making the above changes, verify the enrollments in Postman; they will succeed.
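A local pre-flight check to run before retrying the request in Postman, added here as an example (it is not DigiCert code): it uses the OpenSSL CLI to confirm that the client certificate was issued under the CA uploaded to the enrollment profile and that the private key belongs to that certificate. The function name, exit codes and file arguments are assumptions; PEM files and an unencrypted private key are assumed.

```shell
#!/bin/sh
# Added example, not a DigiCert tool. Requires the openssl command-line tool.
# Usage: check_est_client_cert CA_PEM CLIENT_CERT_PEM CLIENT_KEY_PEM
# Exit codes (assumed for this example):
#   0 = certificate chains to the CA and the key matches
#   2 = a file is missing or unreadable
#   3 = certificate was not issued under the given CA
#   4 = private key does not belong to the certificate
check_est_client_cert() {
    ca=$1; cert=$2; key=$3

    # All three inputs must be readable before anything else is checked.
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing file: $f" >&2; return 2; }
    done

    # The certificate must verify against the CA uploaded to the enrollment
    # profile. -partial_chain lets an intermediate CA act as the trust anchor.
    if ! openssl verify -partial_chain -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "certificate was not issued under $ca" >&2
        return 3
    fi

    # The private key must match the certificate: both must yield the same
    # public key. "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    echo "ok: certificate chains to the CA and the key matches"
    return 0
}

# Run the check directly when the script is called with three file arguments.
if [ "$#" -eq 3 ]; then
    check_est_client_cert "$@"
fi
```

A result of 3 means the certificate was issued by a different CA than the one supplied, which is the situation the Scenario above describes for a certificate that was not issued under the uploaded CA.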

If you run into issues and need assistance, please Contact DigiCert PKI Support.