Managing Logon Certificates
A valid certificate has to be installed in the web browser of the user. An overview of the available certificates can be found in the Internet Explorer at Tools -> Internet Options -> Content -> Certificates or using the Microsoft Management Console (certmgr.msc).
There are two ways how users can be authenticated during logon: Either the user has to enter user name and password or a certificate has to be sent by the browser. In the latter case no user name or password has to be entered, provided the certificate has been assigned to the desired user in the system.
Scenario: Assign certificate to user
Step 1: Log on to system for certificate maintenance
In order to assign a logon certificate to a particular user you first have to log on to the system using the password for this user.
You have to make sure, that a certificate is sent from the browser to the system during logon. Depending on the configuration of the browser you might see a popup window to confirm the used certificate:
Select the certificate and click OK.
If only one certificate is available this popup can be suppressed in Microsoft Internet Explorer by the following security setting for the relevant zone (see Tools -> Internet Options -> Tab Security -> Custom level… -> Don’t prompt for client certificate selection when only one certificate exists
Step 2: Assign certificate as logon certificate
When logged on successfully go to Personalize -> My Settings -> Manage Certificates
Click on button “Assign Logon Certificate”. A new browser window is opened showing details of the certificate to be assigned. Confirm by clicking “Assign Certificate”.
If you see the following message, no certificate was selected during log-on. In this case log off the system, close all browser windows and go back to step 1.
Step 3: Log on using certificate
Make sure that you are logged off from the system. Close all browser windows and re-start browser. Log on to the system by navigating to the usual URL. When the certificate popup appears select the certificate that was assigned to your user ID.