01-29-2026 01:57 AM
Hello Team,
I'm currently dealing with an issue where UIA is unable to validate certification.
The certificate does not have a SAN setting.
I plan to change the certificate to one that has both CN and SAN set, but have not been able to do so yet.
The certificate validation has occurred since applying an OS patch, so I have asked the OS vendor to investigate.
The OS vendor has stated that there is no Schannel SSP communication when the issue occurs.
The OS vendor has asked me to confirm whether UIA uses Schannel SSP.
Does anyone have information on whether UIA uses Schannel SSP for SSL/TLS communication?
Regards,
Yusuke Narita
03-08-2026 12:43 AM
The User-ID Agent (UIA) runs as a Windows service and relies on the Windows TLS/SSL stack for secure communication. Therefore, TLS operations performed by the agent use the native Windows cryptographic libraries, which include Schannel (Secure Channel SSP).
In other words, SSL/TLS communication initiated by the User-ID Agent is handled through the Windows security infrastructure and therefore utilizes Schannel SSP for certificate validation and TLS negotiation.
Regarding the certificate validation issue, it is possible that the recent OS patch introduced stricter certificate validation requirements. Modern Windows updates often require the Subject Alternative Name (SAN) extension for proper certificate validation, and certificates that only contain the Common Name (CN) may fail validation in some cases.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
