<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
IWA SSL Certificate Cannot Be Trusted
Jun 19, 2025
Directories
Overview

This article explains the function of the SSL Certificate labeled "Okta SSO IWA Certificate" in the IIS Personal Certificate Store of the IWA Agent Server.

Applies To
  • Directories
  • Active Directory (AD)
  • Integrated Web Authentication (IWA)
  • Desktop Single Sign On (DSSO)
  • IWA SSO Agent
Cause
This self-signed certificate is installed by default by the IWA Agent installer. Some vulnerability scanners may flag this certificate as being self-signed.
Solution

IWA Agent-based Desktop SSO relies on this certificate for basic functionality. The certificate cannot be removed if IWA Desktop SSO is in use. Agentless DSSO needs to be configured to migrate away from IWA Desktop SSO if the certificate must be removed.

 

Related References

Recommended content

Still looking for help?
Loading
IWA SSL Certificate Cannot Be Trusted