The smart card does not contain any certificates that match the certificate selection criteria

  • 7940857
  • 19-Aug-2009
  • 26-Apr-2012

Environment

Novell SecureLogin


Situation

A new user logging on to the domain starts SecureLogin and receives the following message:

The smart card does not contain any certificates that match the certificate selection criteria.

Resolution

This issue is typically caused by the following:

  • Configuration of security settings relating to smart cards when cards are not being used
  • The selection criteria specified is invalid
  • SecureLogin was not installed with smart card support enabled and the correct configuration (e.g. PKCS #11 .dll).

The certificate selection criteria preference is used by NSL to search for a valid certificate if SSO data is being used to encrypt SSO data.

The certificate selection criteria determines which certificate to select if multiple certificates exist on the smart card.

If only one certificate is stored, leave the field blank and it will be detected automatically.

No special formatting is required and the search string is case insensitive. Wildcards are not used and it will match if the search text is a substring of the certificate subject field.

NSL attempts to match against the certificate Subject, then Issuer and finally Friendly Name in that order.

For example:

If the Subject is:

CN=Nick Katsivelos OU=London DC=undiscovered DC=com

London would be a valid search value, as would undiscovered and com. The CN=, OU= or DC= are not required.

If the Issuer is:

 CN=IssuingCA1 OU=AD DC=undiscovered DC=com

IssuingCA1 would be a valid search value, as would AD, undiscovered and com etc.

Set the smart card security settings back to Default if smart cards are not used.