Known issues and limitations

Known issues

  • Interopability:
    Installation of Net iD Client will remove Net iD Enterprise. They may be installed in parallel, but the current default package will replace to allow for better detection of missing functionality when used with different applications.

  • PKCS#11 location:
    The PKCS#11 library is renamed netid.dll/libnetid.so/libnetid.dylib, so applications loading the PKCS#11 library need to be updated and/or reconfigured.

  • PKCS#11 CK_ULONG:
    The PKCS#11 library will use 32-bits CK_ULONG on 64-bits Windows. This behavior is consistent with Mozilla and Java, so will remove the need for the special built library delivered with Net iD Enterprise.

  • Plugin ActiveX:
    Plugin used as ActiveX component will be identified by GUID:

    • {5BF56AD2-E297-416E-BC49-00B327C4428E} — Net iD Client

    • {5BF56AD2-E297-416E-BC49-00B327C4426E} — Net iD Enterprise Customers using the _netid.js file to access plugin will continue to work without and changes needed. Customers loading ActiveX direct will need to update to the new GUID. Customers should start using _netid-ng.js, since it will also handle web-extensions to allow the use of the plugin in other web-browsers (Chrome/Firefox/Edge/etc).

  • mTLS IE mode Edge browser in Windows 11:
    Login mTLS in Edge browser running website in IE mode is not working in sandbox. Solved by adding site to Trusted Sites zone in Internet Options Security tab.

  • Citrix session towards Windows client OS:
    Not detected as win-stationtype ICA resulting in no virtual channel functionality.

Known limitations

  • Special characters:
    The comma character "," is not allowed to be used in attributes for Subject RDN, Subject AltName or Issuer RDN, i.e., Title in Subject RDN. Since this character is used as delimiters there are in practice too many possible problems with implementations that cannot seperate the use of commas as characters from the use as delimiters.

  • ECC (Elliptic-Curve Cryptography):
    The ECC algoritms are fully implemented in PKCS#11, Plugin and MiniDriver, but are not available in CSP (not allowed by Microsoft), KSP (not implemented) and CryptoTokenKit (not implemented). The ECC algorithms are fully implemented for soft tokens. The ECC algorithms are fully implemented for some smart cards. Most smart cards lack the support, but missing implementation for some of the smart cards that have the support. The ECC algorithms are not implemented for TPM tokens.

  • Existing Soft Tokens:
    Net iD Client will totally ignore any soft tokens from Net iD Enterprise. This is by design for security reasons. Net iD Enterprise may allow export of soft tokens, depending on the issuing environment. Export of soft tokens is considered bad behavior since allow for theft of the credential. Net iD Client will never allow export of soft tokens and consider all soft tokens from Net iD Enterprise as unsecure.

  • CryptoTokenKit:
    CryptoTokenKit replaces Tokend on macOS. Apple require this component to use the macOS smart card reader support and it is unfortunately not as stable as PC/SC Lite, please contact our support for more information.

  • Net iD Portal with web-extension:
    Running Net iD Portal with web-extension in Edge, Chrome and Firefox requires Net iD Portal GUI v1.9.47 or newer.

  • Net iD Portal with Mifare support:
    Running Net iD Portal with Mifare support and PaperCut integration requires Net iD Portal GUI v1.9.51 or newer.

  • Microsoft Certificate Propagation service:
    Interference with Microsoft Certificate Propagation service may occur. Stop and disable the Certificate Propagation service since Net iD handles this instead.

  • RemoteConnect to already logged in Console:
    RemoteConnect to already logged in Console session will result in user certificate mover not being able to restart. Logout and login again to resolve issue.

  • MSI upgrade from NiE not supported:
    Net iD Enterprise MSI package must be uninstalled before installation of Net iD Client MSI package. EXE to EXE upgrade is supported.

  • ExitWindows in multi-user scenario on Windows client OS:
    If ExitWindows functionality is used it will fail if normal lock PC is used on card removal. Use disconnect action instead.

  • Minidriver:
    No Minidriver functionality in this release.

  • PINPAD:
    No PINPAD tests performed in this release.

  • TPM:
    No TPM tests performed in this release.

  • Server core:
    No GUI functionality.