Some CryptoAPI applications still require the use of a default certificate and have no functionality to let the user select which certificate to use.

This section allows registering of a specific certificate to a specific application. Format:



The name of the application. The application name Default may be used to specify the default behavior.


The certificate serial number.


The certificate issuer field.


The certificate subject field.


The certificate key usage.

Only specify those values that should be matched. Set a * character to match any.

Example 1. DefaultCertificate string

The following requires a specific issuer common name and key usage when used with the application.

app.exe=*| CA v2|*|A0

This section will be ignored if any certificate on the token is marked as default.