I am having problems using certificate checking on the role level. Tested this on the realm level and it works ok.
Generating a client cert on a machine. Importing this into the local computer store in personal certificates and enrollment certificate requests, and then also putting this certificate into the user personal certificate store. Then getting this certificate and installing it on the Client CA area on the IVE and the Server CA area. Also setup the root CA and the CRL checking options.
So the certificate is everywhere at the moment. Then I have set the role to only allow clients who match with the CRL checking options.
Try to log into this role and it fails.
Put the same settings on the realm, and it works ok. Does this not work at the role level, or am I missing something here ?