<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Users Receive "Certificate validation failed" Error Message while Trying to Log in with PIV Card
Oct 13, 2025
Okta Classic Engine
Multi-Factor Authentication
Overview

Users receive the following error message while trying to log in with a PIV card:

Certificate validation failed. Try again by quitting the browser then selecting another certificate.
 

Error Message

 
Applies To
  • PIV card
  • Certificate
  • Sign-in
  • Okta Classic Engine
Cause

This error generally occurs when one of the intermediate certificate authorities is missing from the certificate chain. Compare the certificate provided by the security team to the one uploaded to Okta and make sure the chain is complete and does not miss any intermediate Certificate Authority (CA). 

For example, a certificate uploaded to Okta may look like this:
certificate uploaded to Okta 

However, the complete certificate chain may contain additional intermediate CAs:

intermediate CAs 

As per the above screenshots, one of the intermediate certificate authorities is missing, which will cause certificate validation failure.

Chain of trust

Solution
Re-upload the corrected certificate via Okta's admin console.

Recommended content

Still looking for help?
Loading
Users Receive "Certificate validation failed" Error Message while Trying to Log in with PIV Card