Setting up Client Certificate Authentication

Product: PowerShell Universal
Version: 2.11.1

Hi, unfortunately i’m having some trouble getting Client Certificate Authentication to work.

I’ve modified my appsettings.json file like mentioned in the docs but where do i put the Client Certificates that the Server should verify?

With that config the Server starts with no problems, but i’m unable to get any further after choosing the Certificate to use in the Browser.

Here’s my custom appsettings.json

    "Kestrel": {
      "Endpoints": {
        "HTTP": {
          "Url": "http://*:80"
        "HttpsFromPem": {
          "Url": "https://*:443",
          "ClientCertificateMode": "RequireCertificate",
          "Certificate": {
            "Path": "/usr/share/PowerShellUniversal/ssl/crt.pem",
            "KeyPath": "/usr/share/PowerShellUniversal/ssl/key.pem"
      "RedirectToHttps": "true"
    "ClientCertificate": {
        "Enabled": "true"

The certificate is provided with the $User info to the roles.ps1 scripts. You will be able to verify the client certificate thumbprint in there and reject the user if a valid cert isn’t provided.

Thanks. I dug a little deaper into it and apparently the roles.ps1 scipt is never called on linux.
I’m running Ubuntu Server 20.04.

When i recreate the same settings in Windows (even with the same HttpsFromPem endpoint), it works.
Any Idea why that is? The logs don’t show any Infos on that…