Tuesday, August 21, 2012 6:38 PM
we ship our own CSP that works with our smartcards, and for some reason, on Windows 8 RTM the certificates on our smartcards are not imported automatically by the certificate propagation service (CertPropSvc) into the users' "My" store, as was the case with previous versions of the OS, such as Windows 7. However, our own software, when running on Windows 8, is able to enumerate the certificates on our smartcards without problems and can e.g. extract properties of the certificates on our smartcards, such as the subject of the certificate. It is only CertPropSvc on Windows 8 that doesn't work as expected. Are there any changes in Windows 8 w.r.t. this functionality, anything that must be changed in the CSP or its installation?
I have tested on Windows 8 x86 RTM Enterprise.
Any help appreciated,
Saturday, August 25, 2012 2:40 AM
I'm not that familiar with the smartcard stack, but did you try the same test on the same machine with a card that works with a built in csp like the smartcard base csp? Did CertPropSvc propogate certs on that card?
Sunday, August 26, 2012 8:04 AM
I did try with the Aladdin eToken that I use for logging on to my AD-joined box and certpropsvc instantly imported its certificates into the "My" store, therefore my guess is, that it is our csp that is the culprit. Is there any logging facility that I could turn on to troubleshoot this or would it be of any help to use the checked build of the OS to further investigate? Or are there any known requirements for CSPs to continue to work on Windows 8?
Side note: Some new behaviour with Windows 8 puzzled my quite a bit even with the Aladdin eToken: As soon as I detached it from the box, the certificate that was previously imported vanished from the "Certificates" MMC snap-in immediately and reappeared when the eToken was attached again. This was not the case with Windows 7. Maybe this is just UI to reflect that these certificates are useless as long as the physical hardware is not attached and thus a red herring in my actual problem with our own csp and our own smartcards.
In case this matters: Our csp is based on the "coolkey" csp project from Fedora and the CA for the certificates stored on them is ourselves.
Any help appreciated,
Tuesday, August 28, 2012 6:22 PM
meanwhile I have found out that it is our CSP that is crashing the CertPropSvc on Windows 8, so this is why I never see any certs imported. I apologize for any invonveniences and I will first have to fix our CSP. If there are still any problems after having done this, I will come back to this issue.
- Marked As Answer by Stefan Kuhr Tuesday, August 28, 2012 6:22 PM