How to change the default CSP (usually 'Microsoft Enhanced Cryptographic Provider v1.0') to another default on enrollment page
Originally Published: 2009-03-03
Article Number
Applies To
RSA Registration Manager 6.7
Microsoft Internet Explorer
Issue
When a user attempts to enroll for a certificate using Microsoft Internet Explorer through RSA Certificate Manager (RCM) or RSA Registration Manager (RRM) enrollment page at https://<FQDN>:443/request-msie.xuda?domainID=xxxxxx, the list of crypto providers defaults to either "Microsoft Enhanced Cryptographic Provider v1.0" or "Microsoft Base Cryptographic Provider v1.0". How can the default be changed from Microsoft CSP to another Cryptographic Service Provider (say, "Microsoft Strong Cryptographic Provider")?
Resolution
1. Make a backup of <RCM-or-RRM-install-dir>\WebServer\enroll-server\icontrol.vbs
2. Using a text editor, update <RCM-or-RRM-install-dir>\WebServer\enroll-server\icontrol.vbs as instructed below
3. Search for the function definition "Sub FindProviders_certenroll(ProviderTypes, elementName)" and update the function as follows:
3.1. Search for the following line:
Dim csp1Index, csp2Index, cspCount
Add the following line immediately AFTER the above line to define a new variable "mycsp0Index":
Dim mycsp0Index
3.2. Search for the following line:
csp2Index = -1
Add the following line immediately AFTER the above line to initialize the new variable "mycsp0Index":
mycsp0Index = -1
3.3. Search for the following line:
If selection.text = "Microsoft Base Cryptographic Provider v1.0" Then
csp2Index = runningTotal
End If
Add the following lines immediately AFTER the above lines to set the new variable "mycsp0Index" if the preferred CSP found:
If provider = "Microsoft Strong Cryptographic Provider" Then
mycsp0Index = runningTotal
End If
3.4. Search for the following line:
If csp1Index > -1 Then
document.all(elementName).options.selectedIndex = csp1Index
End If
Add the following lines immediately AFTER the above lines to set the preferred CSP as default:
If mycsp0Index > -1 Then
document.all(elementName).options.selectedIndex = mycsp0Index
End If
4. Search for the function definition "Sub FindProviders_xenroll(ProviderTypes, elementName)" and update the function following the same steps as 3.1. through 3.4.
5. Save the above changes to icontrol.vbs
6. The enrollment page should now show "Microsoft Strong Cryptographic Provider" (or your preferred CSP), if available, as the default provider in the CSP list
Note that any future hot fixes or patches applied to your RSA Certificate Manager or RSA Registration Manager installation may overwrite the above changes. In that case, make the above edits again in an updated version of icontrol.vbs.
Related Articles
How to change the default Oracle Statistics History Retention period for RSA Identity Governance & Lifecycle Number of Views Default token policy change prompts every user to change their PIN in RSA Authentication Manager 8.x Number of Views Redirecting the location of the RSA Identity Governance & Lifecycle aveksaServer.log file from the default location to ano… Number of Views How to change the default life time when issuing a new certificate Number of Views How to stop RSA Via Lifecycle & Governance (IMG) review items from reverting back to the default state after a change requ… Number of Views
Trending Articles
Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device
Don't see what you're looking for?
