6

I have several web sites where I have to log in using different client certificates. In Edge (and Internet Explorer) on Windows 10 I'm presented with this dialog:

Default certs

most often, the certificate shown is not the one I need to use, so I can click on More choices, now it shows all available certificates:

all certs

and I can pick the correct one, but I would like to avoid the extra click.

I changed the Friendly Name of the certificates but it doesn't make a difference in the display order.

Does anybody know how to change the order in which the certificates are displayed in the dialog?

Improve this question
5
  • The order of the certifcates is based on the order that appears in IE's Internet Options->Content->Certificates window. If you want change the order, import the certificates, in the order you want them to appear.
    – Ramhound
    Commented Aug 10, 2016 at 15:54
  • @Ramhound - The order in the IE Internet Options is totally different from the one I see in the dialog I mention. Also I tried importing the certificates in a different order but the order in the dialog is still the same. I'm thinking it may be ordered by expiry date, because the first one is valid longer than the other ones.
    – Peter Hahndorf
    Commented Aug 10, 2016 at 16:00
  • Have you checked if the order displayed is the order they are listed in the certificate store?
    – Ramhound
    Commented Aug 10, 2016 at 16:03
  • @Ramhound - I checked, both ls Cert:\CurrentUser\my and certutil -store -user My show the same order, but it is different from what I get in the dialog. In mmc it's ordered by Issued To by default which is also not what I see in the dialog.
    – Peter Hahndorf
    Commented Aug 10, 2016 at 16:30
  • I added another SMIME certificate to my personal store. It's new and expires after all the other older ones. It is now shown first. I can use this certificate for the site I use most, but I still can not re-order the list.
    – Peter Hahndorf
    Commented Aug 16, 2016 at 18:59

2 Answers 2

Reset to default
2

I found a good workaround that helped me get away from always clicking "more choices". In my case, there are several certificates on a smart card that I never use so I simply disabled them. This worked to keep them from showing up as a choice when a certificate is presented to me for choosing.

Using certmgr, I found all my certs under Personal/Certificates. Right click on the certificate you want to disable and select Properties. On the General tab, select "Disable all purposes for this certificate". You can even disable for specific purposes here.

Dialog Box Image

For me, it worked great! Unneeded certificates do not show up when a choice is offered... and it's easily reversible. Be careful not to lock out your user and have a backup plan!

Improve this answer
0

@_SuoiruC__ The certificates are presented in Expiration date order. Run certmgr.msc; in the Personal certificates repository, right click on one you want to bring up to top and select the All tasks -> Advanced Operations and select the "Renew This Certificate with the Same Key" function and the "renewed" certificate will come to the top.

I did find on my next usage of the certificate that I had to provide my authentication information again for the site I went to, so don't do this if you don't remember the authentication information!

The ideal solution, of course, is to have Windows present the list of certificates like it did previously; or, at least, give us a setting to skip the "more choices" click and list all possible.

Improve this answer
3
  • 2
    Please edit your answer and provide specifics on on how to accomplish the ideal solution
    – Ramhound
    Commented Feb 27, 2017 at 22:51
  • This just gives me an "Enrollment error" message after clicking Next: "The request contains no certificate template information." No effect on the selection order.
    – Sean Van Gorder
    Commented Apr 21, 2017 at 15:42
  • in my case i had lots of old personal pki certs. so i opened certmgr.msc and deleted the old expired certs. then the next time the dialog popped up there was only the newest valid cert.
    – Trevor Boyd Smith
    Commented Aug 18, 2020 at 13:55

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .