Friday, November 7, 2025

XConnect certs from DigiCert Need Client Authentication

ATTENTION all DigiCert customers who mint certificates for Sitecore's XConnect: DigiCert has discontinued automatically adding the Client Authentication extended key usage (EKU) to the certificate.



See their bulletin here:

Sunsetting the client authentication EKU from DigiCert public TLS certificates


If you aren't careful and ignore the extra radio button selection during the creation of the certificate, you will have unhealthy XConnect services. And you'll spend hours troubleshooting the configs, thumbprint values, key permissions, etc., because the error message is a familiar client validation error:

Message: The HTTP response was not successful: Forbidden
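
A quick way to rule this cause in or out before digging into configs and key permissions is to read the EKU extension of the installed certificates. The script below is an added example, not code from Sitecore or DigiCert; the function name `Get-CertEkuStatus` is hypothetical, and it assumes the XConnect certificate is installed in `Cert:\LocalMachine\My`.

```powershell
# Added example: report whether each certificate carries the Client Authentication EKU.
# Assumption: the XConnect certificate lives in the LocalMachine\My store.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth

function Get-CertEkuStatus {            # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Locate the Enhanced Key Usage extension, if the certificate has one.
        $ekuExt = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            Select-Object -First 1

        if ($null -eq $ekuExt) {
            # No EKU extension at all: usage is not restricted to a list of purposes.
            $oids   = @()
            $status = 'No EKU extension (usage not restricted)'
        }
        else {
            $oids   = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $status = if ($oids -contains $ClientAuthOid) { 'OK' }
                      else { 'Client Authentication EKU missing' }
        }

        [pscustomobject]@{
            Thumbprint = $Certificate.Thumbprint
            Subject    = $Certificate.Subject
            NotAfter   = $Certificate.NotAfter
            ServerAuth = ($oids -contains $ServerAuthOid)
            ClientAuth = ($oids -contains $ClientAuthOid)
            Status     = $status
        }
    }
}

# List every certificate in the store; match the Thumbprint column against the
# thumbprint value configured for XConnect.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Get-CertEkuStatus |
    Sort-Object Status |
    Format-Table Thumbprint, Subject, NotAfter, ServerAuth, ClientAuth, Status -AutoSize
```

A certificate that shows `ServerAuth` as True and `ClientAuth` as False matches the situation described above and needs to be reissued with the Client Authentication option selected.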


Sitecore also provides some helpful troubleshooting steps in case this issue is unrelated to your errors.  Check them out here:  How-to's - Troubleshooting xConnect certificate issues


Note that the DigiCert announcement also warns that you'll have to plan accordingly for anything minted after May 1, 2026.
