How to fix ClientCertificateCredential authentication failed:

Rustin Davitt 20 Reputation points
2025-01-06T00:14:14.23+00:00

I am getting this error on some Pipelines that I have inherited from a now-departed colleague, and I am unsure exactly how to fix this issue. Does anyone have any experience with this issue and a solution?

ClientCertificateCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700027: The certificate with identifier used to sign the client assertion is expired on application. Reason - The key used is expired., Found key 'Start=12/21/2023 22:25:20, End=12/21/2024 22:35:20', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '*'.**


Accepted answer
  1. Raja Pothuraju 11,515 Reputation points Microsoft Vendor
    2025-01-06T07:54:28.17+00:00

    Hello @Rustin Davitt,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, it appears that the existing client credential for your application expired on 12/21/2024 at 22:35:20.

    To resolve this issue, you need to update the Client Certificate Credential for the application. Please follow these steps to identify and update the client certificate in the Azure Portal:

    1. Sign in to the Azure Portal with an account that has at least Security Administrator permissions.
    2. Navigate to Microsoft Entra ID > App Registrations, and locate the application requiring credential rotation.
    3. Go to the Certificates & Secrets section of the app registration.
    4. Select the credential type you need to rotate. Depending on the type, proceed to either the Certificates or Client Secret tab and follow the prompts to update.
    5. After successfully adding the new certificate or secret, update the service code to ensure it works with the new credential and does not disrupt users.
    6. Once the new credential has been validated, return to App Registrations > Certificates & Secrets for the application and remove the expired credential.

    For further details, you can refer to the official Microsoft documentation and screenshot below:

    Screenshot of the Certificates and secrets section of Microsoft Entra ID.

    Renew expiring application credential

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

    1 person found this answer helpful.
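
To catch the condition behind AADSTS700027 before a pipeline fails, the following added example (not part of the original answer or of Microsoft's documentation) classifies the `keyCredentials` and `passwordCredentials` of a Microsoft Graph application object by validity window. The sample object, its key ids and names, and the 30-day warning threshold are constructed assumptions; only the first certificate's dates come from the error message above.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph application object
# (GET /applications/{id}); key ids and names are placeholders. The first
# certificate uses the validity window quoted in the error message.
SAMPLE_APP = {
    "keyCredentials": [
        {"keyId": "11111111-1111-1111-1111-111111111111", "displayName": "CN=old-cert",
         "startDateTime": "2023-12-21T22:25:20Z", "endDateTime": "2024-12-21T22:35:20Z"},
        {"keyId": "22222222-2222-2222-2222-222222222222", "displayName": "CN=new-cert",
         "startDateTime": "2025-01-06T08:00:00Z", "endDateTime": "2026-01-06T08:00:00Z"},
    ],
    "passwordCredentials": [
        {"keyId": "33333333-3333-3333-3333-333333333333", "displayName": "ci-secret",
         "startDateTime": "2024-08-01T00:00:00Z", "endDateTime": "2025-02-01T00:00:00Z"},
    ],
}

def parse_utc(ts):
    # Graph timestamps are UTC ISO 8601; keep whole seconds, drop fraction and "Z".
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_credentials(app, now, warn_days=30):
    """Classify each certificate/secret as expired, not_yet_valid, expiring or ok."""
    findings = []
    for kind, field in (("certificate", "keyCredentials"), ("secret", "passwordCredentials")):
        for cred in app.get(field, []):
            start, end = parse_utc(cred["startDateTime"]), parse_utc(cred["endDateTime"])
            if end <= now:
                status = "expired"          # the AADSTS700027 case
            elif start > now:
                status = "not_yet_valid"    # freshly uploaded cert, window not open yet
            elif end - now <= timedelta(days=warn_days):
                status = "expiring"
            else:
                status = "ok"
            findings.append({"kind": kind, "keyId": cred["keyId"],
                             "name": cred.get("displayName"), "status": status,
                             "days_left": (end - now).days})
    return findings

if __name__ == "__main__":
    now = datetime(2025, 1, 6, 7, 54, 28, tzinfo=timezone.utc)  # fixed time for the sample
    for f in audit_credentials(SAMPLE_APP, now):
        print(f"{f['status']:<13} {f['kind']:<11} {f['name']} ({f['days_left']} days)")
```

In real use, pass `datetime.now(timezone.utc)` as `now` and feed the function the application object exported from Microsoft Graph.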
