PIV cards are designed to be issued centrally and not to change throughout their lifecycle. As such, PIV middleware applications and the standard Windows PIV minidriver may cache the information on the card to speed up processing. If you change the card, for example by adding a certificate or changing the PIV mapping, the middleware or minidriver may report an error because it cannot find the associated keys.
To resolve the error, delete the card certificates from the Windows certificate store.
- Run Certmgr.msc
- Select Certificates - Current User\Personal\Certificates
- Find the certificate and delete it.
Then remove the PIVKey and reinsert it. If you are logging on, you may have to try several times before the cache is truly renewed.
You may also have to reset the card cache. How this is done is specific to your middleware. For the standard Windows PIV minidriver, the cache is kept in the registry. Delete the content of the PIV Device ATR Cache here:
HKLM\SOFTWARE\Microsoft\Cryptography\Calais\PIV Device ATR Cache
HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\PIV Device ATR Cache
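
The same clean-up as a PowerShell script, for machines where the steps have to be repeated. This is an added example, not code from the original page or from the PIVKey or minidriver vendors; the `-Thumbprint` and `-BackupDir` parameters and the backup file names are assumptions, and the registry export before deletion is an extra precaution the page does not describe.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Thumbprint of the stale card certificate, as shown in Certmgr.msc (caller supplies it)
    [Parameter(Mandatory)][string]$Thumbprint,
    # Assumed location for the registry backups; not from the original page
    [string]$BackupDir = $env:TEMP
)

# The two cache keys named on this page (native and 32-bit registry views)
$atrCacheKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\PIV Device ATR Cache',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\PIV Device ATR Cache'
)

# Step 1: remove the certificate from Current User\Personal (the "My" store).
# Only the store entry is removed; -DeleteKey is deliberately not used.
$clean    = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$certPath = "Cert:\CurrentUser\My\$clean"
if ($clean -and (Test-Path -LiteralPath $certPath)) {
    $cert = Get-Item -LiteralPath $certPath
    if ($PSCmdlet.ShouldProcess($cert.Subject, 'Remove from CurrentUser\My')) {
        Remove-Item -LiteralPath $certPath
    }
} else {
    Write-Warning "No certificate with thumbprint '$clean' in CurrentUser\My."
}

# Step 2: empty the minidriver ATR cache. Writing under HKLM needs elevation.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Not elevated: ATR cache left untouched. Re-run from an elevated prompt.'
    return
}
$n = 0
foreach ($key in $atrCacheKeys) {
    $n++
    if (-not (Test-Path -LiteralPath $key)) { continue }   # Wow6432Node is absent on 32-bit Windows
    if ($PSCmdlet.ShouldProcess($key, 'Back up, then delete cached subkeys and values')) {
        # Export first so the cache can be restored with "reg import" if needed
        $backup = Join-Path $BackupDir "PivAtrCache-$n.reg"
        & reg.exe export ($key -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Backup failed, skipping $key"; continue }
        Get-ChildItem -LiteralPath $key | Remove-Item -Recurse -Force   # subkeys
        Clear-Item -LiteralPath $key                                    # values; key itself stays
    }
}
```

Run it with `-WhatIf` first to see which certificate and keys would be touched, then remove and reinsert the PIVKey as described above.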