CredentialProvider Enroll

This section specifies the behavior when inserting an empty smart card; should a certificate be enrolled to the smart card or not? The behavior is relying on an additional component called LRA (local registration authority) and is currently only available on project basis, since it will require a connection to a certificate authority.

Parameters, RequestURL, and ResponseURL

These entries are used to generate the certificate request and the value is depending on the LRA component, see LRA documentation for more information.


This entry tells whether challenge/response should be used when unlocking the PIN. The smart card to be enrolled may be locked for security reasons.


Normal PUK is used to unlock PIN


Challenge/response used to unlock PIN

Default value is 0; normal PUK is used to unlock PIN.


This entry tells the number of seconds a challenge should be valid when using challenge/response mode.

The smart card will be locked during the operation, since the next call after generating the challenge should be the response. No other application will be able to access the smart card until the timeout is reached or the operation is finished/aborted.


This entry tells whether the smart card always should be unlocked during enrollment.


Will unlock smart card when locked


Will always unlock smart card

Default value is 0; will unlock smart card when locked.