A 'Select a Certificate' pop-up is displayed to users when logging into the instanceIssue This scenario occurs when we activate and set up the Certificate Based Authentication feature. Notably, the "Select a Certificate" prompt is not generated by the ServiceNow application or Load balancer; instead, it appears at the browser level. This behavior is anticipated. As part of the Certificate Based Authentication feature implementation, mTLS is enabled at the instance level, once the mTLS is enabled, ServiceNow Load balancer presents the "Certificate Request" message during the 2-way SSL handshake. During the configuration of Certificate Based Authentication, users upload their Root CA certificate to the sys_ca_certificate table, and the same will be uploaded to the ServiceNow load balancer. Following the upload of the Root CA certificate to the ServiceNow load balancer, the ServiceNow Load balancer begins appending the Distinguished Name of the uploaded Root CA to the "Certificate Request" message post which the browser presents "Select a Certificate" prompt if the issuer of the uploaded Root CA certificate is present in the browser certificate store. Kindly note that the browser will only present the "Select a Certificate" pop-up if its certificate store contains a certificate that was proffered in the "Certificate Request" message. CauseAs mentioned above, this is an expected behavior. The "Select a Certificate" prompt is not generated by the ServiceNow application or Load balancer, this message is presented at the browser level.ResolutionThe "Select a Certificate" prompt will not affect the login process. Users may choose to click on "Cancel" to proceed with the login. If users wish to avoid encountering the "Select a Certificate" prompt at the browser level, they have the option to remove the certificate from the browser certificate store. Alternatively, when configuring Certificate Based Authentication, users have the option to upload a certificate with a different issuer in the sys_ca_certificate table compared to the issuer present in the browser's certificate store.Related LinksDeleting the uploaded Root CA certificate at the ServiceNow load balancer also resolves this, but it is not advisable, as doing so may disrupt the integration where the uploaded Root CA certificate is utilized.