Internet Explorer May Not Automatically Load Client Certificate (252984)

RESOLUTION

To resolve this problem, obtain the latest service pack for Internet Explorer version 5.01. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

267954 How to Obtain the Latest Internet Explorer 5.01 Service Pack

MORE INFORMATION

NOTE: For Microsoft Windows NT 4.0, Service Pack 6a must be installed before you install this hotfix.

Installing this hotfix causes the following changes:

If only one client certificate is available for authentication, Internet Explorer automatically sends that certificate. This becomes the default behavior for local, intranet, and trusted security zones. The high and medium templates prevent this behavior, while medium-low and low allow it.

Functionality has been added to avoid loading the empty client certificate dialog box.

The new functionality is hidden behind the following registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoSelectSingleCert

If the DWORD value is set and not equal to zero, the functionality is enabled. This is true unless you have two certificates in the personal store with the same trusted root.

When client authentication is requested (not required), the certificate is used anyway.
If the certificate security is set to High (requiring a password to use the certificate) the user is still prompted for the password.

Internet Explorer May Not Automatically Load Client Certificate (252984)

SYMPTOMS

CAUSE

RESOLUTION

STATUS

MORE INFORMATION