My users have to manually install certificates every time they log in

Product: ProfileUnity-FlexApp

Product Version: 5.2, 5.5

Expires on: 365 days from publish date

Updated: Jun, 13 2013



They are personal e-mail certificates. Because it's financial institution users have to use them when sending out e-mail



With each logon/logoff users have to reinstall the certificate which is missing next time they log back in on the next day.


Possible Resolution(s):

The most common reason for this is incomplete "Certificates" ruleset or it is completely turned off.

Step 1. Open ProfileUnity console, go to "Configuration Management" and make sure you have all rulesets below:

  • Name of Portability Ruleset: Certificates
  • Registry Rules:
    • Merge Tree HKCU 'Software\Microsoft\Cryptography'
      Merge Tree HKCU 'Software\Microsoft\SystemCertificates'
      Merge Tree HKCU 'Software\Microsoft\Windows NT\CurrentVersion\EFS'
      Exclude Tree HKCU 'Software\Microsoft\SystemCertificates\Root\ProtectedRoots'
      Merge Tree HKCU 'Software\Microsoft\Identities'
  • Filesystem Rules:
    • Merge User Profile 'AppData\Roaming\Microsoft\SystemCertificates'
      Merge User Profile 'AppData\Roaming\Microsoft\Crypto\RSA'
      Merge User Profile 'AppData\Roaming\Microsoft\Protect'




Step 2 . Verify your "Portability" Certificates rule has both options selected:

  • Apply Registry Rules
  • Apply Filesystem Rules



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.