Request a client certificate with Internet Explorer
Requesting a client certificate with Internet Explorer could not be easier. You'll just have to fill in the order form. If you are asked to select a software, choose Microsoft Internet Explorer. Fill in the form is enough.According to the kind of client certificate, you'll be asked to fill in (or not) an e-mail field. Without this field the certificate will only be able to perform SSL client authentication (high SSL/TLS authentication) and to digitally sign documents. With an e-mail field, the certificate can be used to sign and encrypt e-mail (S/MIME standard).
The form may propose advanced settings, you will then be able to select the CSP of your choice. CSP is a private keys and certificates' storage unit driver. Microsoft always provides a software CSP matching the registry. If you have a smart card reader or a USB token, you probably also have a CSP to use them. In this case you can use it to store the private key and the certificate.
There are 2 possible settings with this CSP. See CSP Microsoft Base/strong/Enhanced Cryptographic Provider:
- Exportable private key (CRYPT_EXPORTABLE): if unchecked, you won't be able to export the private out of the user session
- Protected private key (CRYPT_USER_PROTECTED): a password will be requested each time you'll manipulate the key, there are usually 3 possible settings:
- Low Security
- Medium Security: a dialog box appears when a program wants to use the private key
- High Security: a dialog box appears requesting a password when a program wants to use the private key
Last edited on 11/02/2018 10:53:50 --- [search]