When renewing a certificate, users are presented three choices for installing the new certificate:
Personal store
Local machine store
Smart Card
The option 'Personal store' is selected by default.
Use a text editor to open the file <KCA-install-dir>/WebServer/enroll-server/get-cert-msie.xuda, and look for the following lines:
<P> Where is this certificate being installed?
<SELECT NAME="USERPROTECT">
<OPTION VALUE="0" SELECTED>Personal store</OPTION>
<OPTION VALUE="1">Local machine store</OPTION>
<OPTION VALUE="2">Smart Card</OPTION>
</SELECT>
</P>
To change the default selection to 'Smart Card', change the above lines so they look like the following:
<P> Where is this certificate being installed?
<SELECT NAME="USERPROTECT">
<OPTION VALUE="0">Personal store</OPTION>
<OPTION VALUE="1">Local machine store</OPTION>
<OPTION VALUE="2" SELECTED>Smart Card</OPTION>
</SELECT>
</P>
Save the changes. All users will get 'Smart Card' as the default option to install the renewed certificate to.
Related Articles
Updating the certificate for a jks store and verifying the contents using keytool Number of Views Authentication Manager Log Messages (26001-26050) Number of Views Updating the Violation Manager attribute for a large number of RSA Identity Governance and Lifecycle applications Number of Views How to renew SSL server certificates with RSA Certificate Manager Number of Views RSA Authentication Manager 8.7 SP2 Patch 5 Web Tier Readme Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Release Notes for RSA Authentication Manager 8.8 Deploying RSA Authenticator 6.2.2 for Windows Using DISM Downloading RSA Authentication Manager license files or RSA Software token seed records
