This article explains how to verify that the Device Trust client certificate matches the one stored on the user's local macOS machine. Since there is no Event info showing the expiration date in Okta System Logs, verify if the client certificate matches the one on the user's local machine.

• Device Trust
• Okta Classic Engine
• macOS

1. Log in to Okta Admin Console.

2. Search for the user's certificate profile.

   1. For example: [User's name + certificate]

3. With Targets showing: CN: "CN=Okta MTLS, O=Username CompanyName............"

   Click the Event Info with "Authentication of device via certificate success" and click Expand All.

4. Compare the Client Certificate (Key ID) vs Okta System Logs: Scroll all the way down to Target > ID.