SPR# JRGE8L7LRU - Fixed an issue where a user who has certificates on a SmartCard and in their ID file would be prompted to select a signing certificate whenever they send a signed internet mail message.
The fix for this SPR addresses this problem in two ways:
1. Users who have a single signing certificate on their SmartCard, and not in their ID file, are no longer prompted. This requires that the user not have any additional internet signing certificates imported into their ID file or SmartCard. If only one signing certificate is being deployed to a set of users, this is the recommended method to deploy signing certificates on SmartCards.
This eliminates the need for users to import certificates into the ID file from the SmartCard in order to avoid being prompted, and the complexities that come with that approach. The INI parameter X509_CERT_PROMPT=1 will still force a prompt for the user even if only one certificate is available.
2. If multiple signing certificates are to be used on a SmartCard, then the user will be prompted to select which certificate they would like to sign an internet message with, unless the user has also imported these certificates into their ID file, in which case the default signing certificate will be used to sign messages. An INI parameter is also provided to help users control the behavior of this dialog:
SC_SIGNING_CERTS_PROMPT=0 - Restores original behavior where a prompt is received if any certificate is found on a SmartCard that is not imported into the ID file. This includes non-signing certificates, like encryption and CA certificates.
SC_SIGNING_CERTS_PROMPT=1 (default) - Only prompts a user if a signing certificate is found that is not present in the ID file.
SC_SIGNING_CERTS_PROMPT=2 - Never prompt a user to select a signing certificate, even if there is a certificate on their SmartCard that could be used for signing. This is not recommended for general use.