Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, May 23, 2016 7:03 PM
I am trying to add another certificate to an existing smart card, which has 3 certificates on it. I have exported the new certificate to a .pfx file. I used the command:
certutil -csp "Microsoft Base Smart Card Crypto Provider" -importpfx [file location].pfx
I am then prompted to select the card, however it tells me that the card is "Read-Only", and I am presented with no other options but to cancel the process. Does anyone know how to remove this read-only property? The existing certificate is from Entrust, but I am not presented an option during the original setup regarding a read-only property. In fact, I just connect to their server and it imports the certificate onto the card for me.
All replies (1)
Wednesday, May 25, 2016 3:50 PM ✅Answered | 1 vote
Hi,
At the very beginning, would you please contact the manufacture of your smart card to clarify if such model of card is designed as Read-only one or if there is any limited on storing certificate. If there is any portal to manage the smart card to change it's properties.
If all is confirmed, please check following keys, two registry keys must be modified to permit the import operation.
· HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto
Provider\AllowPrivateExchangeKeyImport=DWORD:0x1
· HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto
Provider\AllowPrivateSignatureKeyImport=DWORD:0x1
Then, make sure you run the commands as administrator to import the smart card.
Please mark the reply as an answer if you find it is helpful.
If you have feedback for TechNet Support, contact [email protected]