
KB-8958: MFA with DirectControl fails with SSL connection error

Authentication Service

14 July,17 at 03:45 PM


When attempting to log in with a user that requires MFA, the following error is presented:
SSL Connection Error


This error is due to a certificate problem. A required certificate may be missing or unreadable.
Please ensure the Centrify Direct Control agent is version 5.3.1-402 or greater.


Please run the following to check for errors: 

Open the log created by this utility and check for the following error message:
Trying SPNEGO (GSSAPI/Kerberos) negotiation failed.

Solution/Troubleshooting Steps:
1. Check if the Cloud Connector certificate was properly uploaded to the machine:
   Download the IWA root CA certificate:
      "Setting->Network->Cloud Connectors->Cloud Connector configuration->IWA Service" page on the cloud admin portal
   Apply to GP:
      Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities.
   Check /var/centrify/net/certs to see if the certificates have been added.
2. Check if "Enable Web Server" is set and HTTPS is enabled for this connector.
3. Check if "Allow IWA connections" is set under "Policy->Default Policy->User Security Policies->Login Authentication".
4. Check if the Centrify Cloud Connector is running properly.
5. Check if the Centrify Cloud Connector is listening on the Web Server port (default 8443).
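
The agent-side parts of steps 1 and 5 can be scripted. The following is an added example, not a Centrify utility and not part of the original article. It assumes `openssl` is installed, that the files in /var/centrify/net/certs are PEM or DER certificates, and that the connector's HTTPS certificate chains to the IWA root CA; `check_cert_dir`, `check_connector` and the host name in the usage comment are hypothetical names.

```shell
#!/bin/sh
# Added example (not Centrify code): agent-side checks for steps 1 and 5.
CERT_DIR="${CERT_DIR:-/var/centrify/net/certs}"   # path taken from the article

# Print PEM or DER if file $1 parses as an X.509 certificate, else return 1.
cert_form() {
    for form in PEM DER; do
        if openssl x509 -in "$1" -inform "$form" -noout 2>/dev/null; then
            echo "$form"; return 0
        fi
    done
    return 1
}

# Step 1: return 0 only if DIR holds at least one valid certificate and no
# certificate file is unreadable or expired ("missing or unreadable").
check_cert_dir() {
    dir="$1"; ok=0; bad=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ ! -r "$f" ]; then
            echo "unreadable: $f"; bad=1
        elif ! form=$(cert_form "$f"); then
            echo "skipped (not X.509): $f"
        elif ! openssl x509 -in "$f" -inform "$form" -noout -checkend 0 >/dev/null; then
            echo "expired: $f"; bad=1      # -checkend 0 fails once expired
        else
            echo "ok: $f"; ok=1
        fi
    done
    [ "$ok" -eq 1 ] || { echo "no usable certificate in $dir"; return 1; }
    return "$bad"
}

# Step 5: confirm the connector completes a TLS handshake on the Web Server
# port and that its chain verifies against the certificates in CERT_DIR
# (assumption: PEM files, connector certificate issued by the IWA root CA).
check_connector() {
    host="$1"; port="${2:-8443}"
    bundle=$(mktemp) || return 1
    cat "$CERT_DIR"/* > "$bundle" 2>/dev/null || true
    if openssl s_client -connect "$host:$port" -CAfile "$bundle" \
            -verify_return_error </dev/null >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$bundle"
    return "$rc"
}
# Usage: check_cert_dir "$CERT_DIR" && check_connector connector.example.com 8443
```

A failure from `check_cert_dir` points at step 1. A failure from `check_connector` alone points at steps 2, 4 and 5, or at a connector certificate that does not chain to the installed root.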

If you upgraded to 5.4.1 or above please review:
KB-8961: MFA with DirectControl fails after upgrading to 5.4.1