Order of client certificates in the 'Select a certificate' dialog in Windows 10

2

I have several web sites where I have to log in using different client certificates. In Edge (and Internet Explorer) on Windows 10 I'm presented with this dialog:

Default certs

Most often, the certificate shown is not the one I need to use, so I can click on More choices; now it shows all available certificates:

all certs

and I can pick the correct one, but I would like to avoid the extra click.

I changed the Friendly Name of the certificates but it doesn't make a difference in the display order.

Does anybody know how to change the order in which the certificates are displayed in the dialog?

Peter Hahndorf

Posted 2016-08-10T12:09:11.717

Reputation: 10 677

The order of the certificates is based on the order that appears in IE's Internet Options->Content->Certificates window. If you want to change the order, import the certificates in the order you want them to appear. – Ramhound – 2016-08-10T15:54:47.633

@Ramhound - The order in the IE Internet Options is totally different from the one I see in the dialog I mention. Also I tried importing the certificates in a different order but the order in the dialog is still the same. I'm thinking it may be ordered by expiry date, because the first one is valid longer than the other ones. – Peter Hahndorf – 2016-08-10T16:00:11.347

Have you checked if the order displayed is the order they are listed in the certificate store? – Ramhound – 2016-08-10T16:03:42.690

@Ramhound - I checked, both ls Cert:\CurrentUser\my and certutil -store -user My show the same order, but it is different from what I get in the dialog. In mmc it's ordered by Issued To by default which is also not what I see in the dialog. – Peter Hahndorf – 2016-08-10T16:30:09.807

I added another SMIME certificate to my personal store. It's new and expires after all the other older ones. It is now shown first. I can use this certificate for the site I use most, but I still can not re-order the list. – Peter Hahndorf – 2016-08-16T18:59:19.017

Answers

-1

@_SuoiruC__ The certificates are presented in Expiration date order. Run certmgr.msc; in the Personal certificates repository, right click on one you want to bring up to top and select the All tasks -> Advanced Operations and select the "Renew This Certificate with the Same Key" function and the "renewed" certificate will come to the top.

I did find on my next usage of the certificate that I had to provide my authentication information again for the site I went to, so don't do this if you don't remember the authentication information!

The ideal solution, of course, is to have Windows present the list of certificates like it did previously; or, at least, give us a setting to skip the "more choices" click and list all possible.

user702183

Posted 2016-08-10T12:09:11.717

Reputation: 1

Please edit your answer and provide specifics on how to accomplish the ideal solution – Ramhound – 2017-02-27T22:51:36.397

This just gives me an "Enrollment error" message after clicking Next: "The request contains no certificate template information." No effect on the selection order. – Sean Van Gorder – 2017-04-21T15:42:29.227
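
To compare the dialog against the expiry-date ordering suggested in this thread, the following added example (not code from any poster) lists the Personal store sorted by expiration date, latest first. Restricting the list to certificates that have a private key and either no EKU extension or the Client Authentication EKU is an assumption about what the dialog offers, not something the thread confirms.

```powershell
# Added example: list likely client-certificate candidates from the current
# user's Personal store, latest expiry first, for comparison with the dialog.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication)
$now = Get-Date

Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |          # assumption: dialog needs a usable key
    ForEach-Object {
        # EnhancedKeyUsageList is added by the PowerShell certificate provider
        $ekus = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        [pscustomobject]@{
            Subject      = $_.Subject
            FriendlyName = $_.FriendlyName
            NotAfter     = $_.NotAfter
            Expired      = $_.NotAfter -lt $now
            # A certificate without an EKU extension is valid for any purpose
            ClientAuth   = ($ekus.Count -eq 0) -or ($ekus -contains $clientAuthOid)
            Thumbprint   = $_.Thumbprint
        }
    } |
    Where-Object { $_.ClientAuth } |
    Sort-Object NotAfter -Descending |
    Format-Table -Property Subject, FriendlyName, NotAfter, Expired, Thumbprint -AutoSize
```

If the first row matches the certificate the dialog preselects, that is consistent with expiry-date ordering on that machine; a mismatch means some other criterion is in play.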