How to change the default CSP (usually 'Microsoft Enhanced Cryptographic Provider v1.0') to another default on enrollment page
Originally Published: 2009-03-03
Article Number
Applies To
RSA Registration Manager 6.7
Microsoft Internet Explorer
Issue
When a user attempts to enroll for a certificate using Microsoft Internet Explorer through RSA Certificate Manager (RCM) or RSA Registration Manager (RRM) enrollment page at https://<FQDN>:443/request-msie.xuda?domainID=xxxxxx, the list of crypto providers defaults to either "Microsoft Enhanced Cryptographic Provider v1.0" or "Microsoft Base Cryptographic Provider v1.0". How can the default be changed from Microsoft CSP to another Cryptographic Service Provider (say, "Microsoft Strong Cryptographic Provider")?
Resolution
1. Make a backup of <RCM-or-RRM-install-dir>\WebServer\enroll-server\icontrol.vbs
2. Using a text editor, update <RCM-or-RRM-install-dir>\WebServer\enroll-server\icontrol.vbs as instructed below
3. Search for the function definition "Sub FindProviders_certenroll(ProviderTypes, elementName)" and update the function as follows:
3.1. Search for the following line:
Dim csp1Index, csp2Index, cspCount
Add the following line immediately AFTER the above line to define a new variable "mycsp0Index":
Dim mycsp0Index
3.2. Search for the following line:
csp2Index = -1
Add the following line immediately AFTER the above line to initialize the new variable "mycsp0Index":
mycsp0Index = -1
3.3. Search for the following line:
If selection.text = "Microsoft Base Cryptographic Provider v1.0" Then
csp2Index = runningTotal
End If
Add the following lines immediately AFTER the above lines to set the new variable "mycsp0Index" if the preferred CSP found:
If provider = "Microsoft Strong Cryptographic Provider" Then
mycsp0Index = runningTotal
End If
3.4. Search for the following line:
If csp1Index > -1 Then
document.all(elementName).options.selectedIndex = csp1Index
End If
Add the following lines immediately AFTER the above lines to set the preferred CSP as default:
If mycsp0Index > -1 Then
document.all(elementName).options.selectedIndex = mycsp0Index
End If
4. Search for the function definition "Sub FindProviders_xenroll(ProviderTypes, elementName)" and update the function following the same steps as 3.1. through 3.4.
5. Save the above changes to icontrol.vbs
6. The enrollment page should now show "Microsoft Strong Cryptographic Provider" (or your preferred CSP), if available, as the default provider in the CSP list
Note that any future hot fixes or patches applied to your RSA Certificate Manager or RSA Registration Manager installation may overwrite the above changes. In that case, make the above edits again in an updated version of icontrol.vbs.
Related Articles
Queries to detect workflows and change requests that could overload the Workpoint Server in RSA Identity Governance & Life… Number of Views How to change the explicit Change Request (CR) name to include the CR details in name section in RSA Identity Governance a… Number of Views How to find your Customer ID (Site ID) within the myRSA website Number of Views Port Traffic for RSA Authentication Manager Number of Views Default token policy change prompts every user to change their PIN in RSA Authentication Manager 8.x Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
Don't see what you're looking for?
