Certificate question

hi everyone

during some restructuring we came across a request that seems to be filled with a lie. no one in my dept seems ot think it makes any sense what so ever but thought someone here might have an idea why or could help dispell the lie

we have a HR company we just restructured and they became part of another company... because this company is publicly traded we are subject IT audits. So we have to enforce a password policy

they told us today they can not change their password because it breaks their Certificates issued by ADP for payroll if they do it and ADP needs ot re-issue the certs each time

the certificates are used to access a secured website and then you need to provide credentials for that site

to me and the rest on my dept it seems to make no sense that changing a windows password would effect a certificate used for a website

apparently an old boss of mine told them that changing the password would break the certificate or one day when someone changed the theri password it broke the cert and he attributed it ot that

I admit I'm from for an expert with certificates but this does not seem logical

we are going to contact the issuer (ADP) to confirm or deny but thought I'd get peopels thoughts here as well

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Smallguy

sorry could someone please move this to the off topic

Smallguy

I';m guessing with the number of views no one thinks I've lost it so far

or does my question not make sense

dynamik

I'd just contact the company. Accounting software can be really **** when it comes to stuff like that. It sounds a bit absurd, but you never know...

dtlokee

It could make sense as a safe guard from preventing an admin chainging the users PW in Active Directory then logging onto the computer and using the payroll software to writh themselves a big fat bonus check

Similar to what EFS will do if you change a user's password.

I would call the application vendor.

Smallguy

dtlokee wrote:

It could make sense as a safe guard from preventing an admin chainging the users PW in Active Directory then logging onto the computer and using the payroll software to writh themselves a big fat bonus check

Similar to what EFS will do if you change a user's password.

I would call the application vendor.

that is where we are going with it

because if that is the case we might need a formal letter from ADP stating that changing passwords breaks the cert just to keep auditors happy.

blargoe

It's just a web certificate? You should be able to change the password. I think my company is using the same software and we don't have any kind of weirdness for password changes.

Smallguy

blargoe wrote:

It's just a web certificate? You should be able to change the password. I think my company is using the same software and we don't have any kind of weirdness for password changes.

it is a certificate to enter the pay roll portion of their website

once in that website you still need to authenticate via a user name and password

so the Cert is only used to prove one's Identity