Orchestrator SSL Settings

Our local security policy requires that under Orchestrator’s site “SSL Settings” in IIS, under “Client Certificates” the “Required” item be selected. But if this is chosen (instead of “Ignore” or “Accept”) we receive “Forbidden” when attempting to connect from the Robot software to Orchestrator. The connection is successful if “Ignore” or “Accept” are selected. I assume this behavior is due to the fact we are using the Machine Key to essentially “authenticate” the robot to Orchestrator and NOT an SSL certificate for the robot, correct? We are using a domain certificate for the Orchestrator server and that certificate (as is it’s Root CA) is added to the trust store on the Robot laptop. If “Required” is selected the robot has no SSL certificate to send to the Orchestrator web application. Is there a way to get the Robot to Orchestrator SSL connection to work with “Client Certificate” “Required” selected?

Thank you,