Use this guide to verify user PIV/CAC authentication to AMS.
Note: This guide assumes a user is receiving a "page can't be displayed" or "SSL error", such as the example image show below.
AMS certificate should appear EXACTLY as shown in the 3rd image above. If the certificate appears differently, the user's SSL connections are being managed by a proxy or security device.
How to resolve: Work with network or laptop support to whitelist *.hhs.gov sites.
The Certificate Path will vary based on user Certificate, HOWEVER, each Root in the chain SHOULD NOT be expired or invalid.
How to resolve: Remove/update/untrust any expired certificates. See “Appendix A: How to Untrust a CA certificate” for detailed instructions or contact IT Support for assistance.
If the user DOES NOT receive a PIN prompt after Step 3 above, there may be an issue with the certificate (i.e., expired or an old cached certificate) or the reader, device, or PIV card.
How to resolve: Follow certificate remove/clear cache steps. If the issue is still not resolved, contact the User’s IT Support Desk.
If the PIV Certificate Validator page retrieves an "INVALID" Validation Result, or if the page does not populate with data at all, then there is an issue with the certificate or chain.
How to resolve: Contact the User’s IT Support Desk.