A certificate that is not self-signed exists in the AdfsTrustedDevices certificate store

If a CA issued certificate is in a certificate store where only self-signed certificates would normally exist, the CTL generated from the store would only contain the CA issued certificate. The AdfsTrustedDevices certificate store is such a store that is supposed to have only self-signed certificates. These certificates are:

  • MS-Organization-Access: The self-signed certificate used for issuing workplace join certificates.

  • ADFS Proxy Trust: The certificates for each Web Application Proxy server.

AdfsTrustedDevices certificates

Therefore, delete any CA issued certificate from the AdfsTrustedDevices certificate store.

Is the problem solved?

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.