000026406 - How do you use a  SID800 with multiple certificates and Windows credential provider?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026406
Applies ToRSA SID800
RSA SecurID SID800 Authenticator (USB token)
Microsoft Windows 7 Professional
Microsoft Windows 2008 Server
Microsoft Windows Credential Provider
Microsoft certificate-based logon
IssueHow do you use a  SID800 with multiple certificates and Windows credential provider?
Only one certificate on the SID800 is being seen at logon screen
SID800 with two valid certificates from a Windows 2003 CA. When authenticating to a system, only the certificate marked as default in the RSA Control Center is displayed. How do you configure the system to display both certificates for the user to choose from?
Resolution

A Microsoft GPO policy to show all certificates at logon needs to be updated.


http://technet.microsoft.com/en-us/library/ff404287(WS.10).aspx?ppud=4


Update these GPO settings:


Force the reading of all certificates from the smart card


Filter duplicate logon certificates



Or by registry:


http://gp.gekki.net/administrative-templates/?/policy/2073/Forcethereadingofallcertificatesfromthesmartcard


You should see two logon tiles, one for each certificate.

Legacy Article IDa50496

Attachments

    Outcomes