Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Windows will not pass smart card information to browsers

I'm having an issue where when trying to connect to my employer's website from my home computers I'm not getting prompted for my smart card credentials whenever I'm using my laptop, however when I'm using my desktop the prompts appear and smart card authentication occurs. Both systems are using Windows 10, and I'm using IE11 and Chrome on both systems. I suspect that there may be some Windows side setting that's blocking the browsers from seeing my smart card on my laptop, but after countless hours of troubleshooting and digging around every possible option online I'm at a standstill here.

Things that I've tried:

  • Tested smart card reader and card on second computer, no issues, IE/Chrome prompts for certificate and allows login to employer website.
  • Internet Options > Security > Internet > Custom Level: Don't prompt for client certificate selection when only one certificate exists - set to Disable
  • Internet Options > Content > Certificates: All smart card certificates are enabled for client authentication
  • Internet Options > Advanced: SSL 3.0, TLS 1.0/1.1/1.2 enabled
  • Installed all required PKI certificates required by employer

My smart card certificates do appear under the personal tab, so I know the laptop is seeing them, but for some reason IE and Chrome can't access the certificates (further verified by removing the card, deleting the certificates, reinserting the card and checking that the certificates come back).

I know it's not an issue with my internet connection or my employer's website as my desktop prompts me for my smart card certificate appropriately, so the issue here is limited to just my laptop. At a minimum the website should be pulling up the Windows smart card dialog and prompting me for my card even when it's not inserted, but I can't even get to that point right now.

like image 507
Chaosbydesign Avatar asked Oct 18 '22 04:10

Chaosbydesign


1 Answers

I finally figured it out after finding a TechNet article on enabling the advanced CryptoAPI 2.0 diagnostics. It turned out that the Kaspersky anti-virus I had installed on my computer was injecting it's own security certificate instead of letting Windows pop up the certificates on my smart card. Uninstalled Kaspersky, everything worked.

like image 105
Chaosbydesign Avatar answered Nov 15 '22 09:11

Chaosbydesign