PIVKey and BitLocker

Thanks to Ryan Eulberg for the following:

These instructions avoid the dreaded error “A certificate suitable for bitlocker can't be found on your smart card”. They work on Windows 10 Pro and cover the process from beginning to end.

You can either use the default certificate that comes with the PIVKey on slot E or create your own.

- If you want to create your own certificate for encryption, then follow ALL of the steps in the article https://technet.microsoft.com/en-us/library/dd875530(v=ws.10).aspx, section “Sharing an EFS certificate with BitLocker”.

- If you want to use the default certificate that comes with the PIVKey, then follow steps 9-12 in the article https://technet.microsoft.com/en-us/library/dd875530(v=ws.10).aspx, section “Sharing an EFS certificate with BitLocker”.

To obtain the OID needed in steps 9-12, run “certutil -scinfo” from a command prompt and locate the certificate that you want to use (look at the issuer). The OID line will look similar to “Application[0] = 1.3.6.1.4.1.311.67.1.1 Encrypting File System”. The numbers are the OID.
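
One way to pull those values out of the “certutil -scinfo” output, as an added PowerShell example that is not part of the original instructions. The function name Get-ScInfoApplicationOid is hypothetical, the sample lines are constructed, and it assumes the issuer is printed on a line starting with “Issuer:”.

```powershell
# Added example: list the Application[n] OIDs found in `certutil -scinfo` output,
# each paired with the most recent "Issuer:" line printed above it.
# Assumption: the issuer appears on a single line beginning with "Issuer:".
function Get-ScInfoApplicationOid {
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$Line
    )
    begin {
        $issuer = $null   # last issuer line seen
        $seen   = @{}     # issuer|oid pairs already emitted (output repeats them)
    }
    process {
        foreach ($l in $Line) {
            if ($l -match '^\s*Issuer:\s*(.+)$') {
                $issuer = $Matches[1].Trim()
            }
            elseif ($l -match '^\s*Application\[\d+\]\s*=\s*((?:\d+\.)+\d+)\s*(.*)$') {
                $oid  = $Matches[1]
                $name = $Matches[2].Trim()
                $key  = "$issuer|$oid"
                if (-not $seen.ContainsKey($key)) {
                    $seen[$key] = $true
                    [pscustomobject]@{ Issuer = $issuer; Oid = $oid; Name = $name }
                }
            }
        }
    }
}

# Constructed sample input (not real card output). The Application line
# uses the format quoted in the paragraph above; the issuer is made up.
$sample = @(
    'Issuer: CN=Example Issuing CA'
    '  Application[0] = 1.3.6.1.4.1.311.67.1.1 Encrypting File System'
    ''
    'Issuer: CN=Example Issuing CA'
    '  Application[0] = 1.3.6.1.4.1.311.67.1.1 Encrypting File System'
)
$sample | Get-ScInfoApplicationOid | Format-Table -AutoSize

# With the PIVKey inserted, feed the real output instead:
#   certutil -scinfo | Get-ScInfoApplicationOid
```

Pick the row whose Issuer matches the certificate you intend to use and copy its Oid value into steps 9-12.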

Now you can right-click one of your drives and select “Turn on BitLocker”. Select the option “Use my smart card to unlock the drive” and complete the rest of the wizard.
