000014343 - How to change the default CSP (usually 'Microsoft Enhanced Cryptographic Provider v1.0') to another default on enrollment page

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014343
Applies ToRSA Certificate Manager 6.7
RSA Registration Manager 6.7
Microsoft Internet Explorer
IssueHow to change the default CSP (usually "Microsoft Enhanced Cryptographic Provider v1.0") to another default on enrollment page
When a user attempts to enroll for a certificate using Microsoft Internet Explorer through RSA Certificate Manager (RCM) or RSA Registration Manager (RRM) enrollment page at https://<FQDN>:443/request-msie.xuda?domainID=xxxxxx, the list of crypto providers defaults to either "Microsoft Enhanced Cryptographic Provider v1.0" or "Microsoft Base Cryptographic Provider v1.0". How can the default be changed from Microsoft CSP to another Cryptographic Service Provider (say, "Microsoft Strong Cryptographic Provider")?
ResolutionRSA Certificate Manager or RSA Registration Manager enrollment pages can be updated to change the default Cryptographic Service Provider (to, say, "Microsoft Strong Cryptographic Provider"). Follow the instructions listed below (tested with RSA Certificate Manager 6.7 build 422 using Microsoft Internet Explorer):

1. Make a backup of <RCM-or-RRM-install-dir>\WebServer\enroll-server\icontrol.vbs

2. Using a text editor, update <RCM-or-RRM-install-dir>\WebServer\enroll-server\icontrol.vbs as instructed below

3. Search for the function definition "Sub FindProviders_certenroll(ProviderTypes, elementName)" and update the function as follows:

3.1. Search for the following line:

    Dim csp1Index, csp2Index, cspCount

    Add the following line immediately AFTER the above line to define a new variable "mycsp0Index":

    Dim mycsp0Index

3.2. Search for the following line:

    csp2Index = -1

    Add the following line immediately AFTER the above line to initialize the new variable "mycsp0Index":

    mycsp0Index = -1

3.3. Search for the following line:

    If selection.text = "Microsoft Base Cryptographic Provider v1.0" Then
        csp2Index = runningTotal
    End If

    Add the following lines immediately AFTER the above lines to set the new variable "mycsp0Index" if the preferred CSP found:

    If provider = "Microsoft Strong Cryptographic Provider" Then
        mycsp0Index = runningTotal
    End If

3.4. Search for the following line:

    If csp1Index > -1 Then
         document.all(elementName).options.selectedIndex = csp1Index
    End If

   Add the following lines immediately AFTER the above lines to set the preferred CSP as default:

    If mycsp0Index > -1 Then
         document.all(elementName).options.selectedIndex = mycsp0Index
    End If

4. Search for the function definition "Sub FindProviders_xenroll(ProviderTypes, elementName)" and update the function following the same steps as 3.1. through 3.4.

5. Save the above changes to icontrol.vbs

6. The enrollment page should now show "Microsoft Strong Cryptographic Provider" (or your preferred CSP), if available, as the default provider in the CSP list

Note that any future hot fixes or patches applied to your RSA Certificate Manager or RSA Registration Manager installation may overwrite the above changes.  In that case, make the above edits again in an updated version of icontrol.vbs.
Legacy Article IDa44846

Attachments

    Outcomes