The entire certificate chain must be valid for users to reach Okta for the Multi-Factor Authentication (MFA) step when establishing a Remote Desktop session. The following error may be seen when a user cannot access Okta to perform MFA:
Content was blocked because it was not signed by a valid security certificate.
- Windows Credential Provider
- Remote Desktop Protocol (RDP)
If certificates are missing, revoked, or untrusted during the RDP session's login step, the user cannot authenticate, and the Okta sign-in page is blocked.
If the error "Content was blocked because it was not signed by a valid security certificate" appears, check the entire certificate hierarchy.
DigiCert issues Okta's certificates, so the DigiCert certificate must be present and valid on the user's device.
Currently, Okta's Root CA is DigiCert Global Root CA. The root certificate can be found in Manage user certificates > Third-Party Root Certification Authorities > Certificates.
NOTE:
- The DigiCert Root CA may change at any time, so check the Okta certificate chain on the server to confirm that it is present. The Root CA is usually pre-installed on a Windows machine. Windows Updates, if run, should also update it, but it may be missing because of restrictions or policies.
- If the Root CA cannot be found, go to DigiCert Trusted Root Authority Certificates and manually download the correct Root CA (verify the correct Serial Number).
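One way to check the entire certificate hierarchy from the affected machine, as an added PowerShell example that is not part of the original article. The script parameters `$OktaHost` (your Okta org hostname) and `$Port` are assumptions of this example; it reads the certificate the server presents, builds the chain with online revocation checking, and reports whether the root is present in the local root stores.

```powershell
# Added example. Run on the machine that shows the error.
param([Parameter(Mandatory)][string]$OktaHost, [int]$Port = 443)

$X509 = 'System.Security.Cryptography.X509Certificates'
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($OktaHost, $Port)
    # The callback accepts any certificate so that a broken chain can still be read.
    # Nothing is sent over this connection; validation happens below with X509Chain.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($OktaHost, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $leaf = New-Object "$X509.X509Certificate2" -ArgumentList $ssl.RemoteCertificate
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

$chain = New-Object "$X509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'Online'        # also reports revoked certificates
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$trusted = $chain.Build($leaf)

# One entry per certificate, leaf first and root last.
$chain.ChainElements | ForEach-Object {
    $status = ($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    [pscustomobject]@{
        Subject  = $_.Certificate.Subject
        Serial   = $_.Certificate.SerialNumber
        NotAfter = $_.Certificate.NotAfter
        Status   = if ($status) { $status } else { 'OK' }
    }
} | Format-List

# AuthRoot is the store shown as "Third-Party Root Certification Authorities".
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$stores = 'CurrentUser\Root', 'CurrentUser\AuthRoot', 'LocalMachine\Root', 'LocalMachine\AuthRoot'
$foundIn = $stores | Where-Object { Test-Path "Cert:\$_\$($root.Thumbprint)" }

"Chain trusted on this machine: $trusted"
if ($root.Subject -ne $root.Issuer) {
    "Chain is incomplete: no self-signed root was reached (last issuer: $($root.Issuer))"
} elseif ($foundIn) {
    "Root '$($root.Subject)' found in: $($foundIn -join ', ')"
} else {
    "Root '$($root.Subject)' is not in any root store checked"
}
```

A `Status` value such as `Revoked`, `UntrustedRoot` or `PartialChain` on any element points to the certificate that needs attention; compare the printed root serial number against the one published by DigiCert before installing anything manually.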
