Setting a Certificate as Default or Auxiliary

Note: This feature is supported in Windows only

You can set a certificate as:

Each option is enabled only if the action can be performed on that particular certificate or key.

The following table describes the use of these settings:





The Smart Card logon uses the certificate used in the previous logon as the default.

If the certificate used in previous logon is not the one required, set the required certificate as Default. Your eToken contains two certificates. One is for logon to domain A and the other for logon to domain B. Your previous logon was to domain A, which means the certificate for logon to domain A is now the default. If you now, from another computer, logon to domain B, the logon fails as it tries to use the domain A certificate. If you now set the domain B certificate as default, the logon uses the correct certificate and the logon succeeds.


In most Microsoft applications, Smart Card Logon is used. However, there are certain applications which use Client Authentication. Client Authentication provides access to fewer system resources than Smart Card Logon.

PKI Client enables a logon process for applications, such as VPN, with Client Authentication logon. However, if more than one certificate on the token has Client Authentication as an Intended Purpose, it is necessary to define one as the default. This is done by setting this certificate as Auxiliary.


Your eToken contains a certificate intended for VPN connection, but there is another certificate that also includes Client Authentication as an Intended Purpose. The certificate for the VPN connection must be set as Auxiliary, to ensure that it is used as the default for VPN logon.


To set a certificate as Default or Auxiliary:

  1. To open eToken PKI Client Properties do one of the following:

The eToken PKI Client Properties window opens.

  1. Click the Advanced View icon

The Advanced View window opens.

  1. In the left pane, right-click the required certificate.

  2. From the menu, select Select as Default or Select as Auxiliary.

The logon window opens.

  1. Enter the token password and click OK.

The certificate has been set as Default or Auxiliary.


See Also:

eToken Management