This is a brief explanation of a problem related to a YubiKey 5 device that contains three personal certificates with private keys. One of the certificates is also installed locally on a Windows 10 machine.

When the YubiKey is plugged into the machine, the public portions of any certificates that are not already present in the certificate store are copied there, which is not ideal but acceptable. However, the certificate that exists both on the YubiKey and in the certificate store loses its private key on the machine, leaving only the public portion available there.

This is disruptive and requires a full reinstallation of the certificate on the Windows machine, only for the private key to be lost again the next time the YubiKey is inserted.

The author is wondering if there is a way to disable automatic certificate discovery, specifically from PIV-enabled smart cards.
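
A read-only check for the behaviour described above, added here as an example and not part of the original report: it snapshots the current user's Personal store, waits for the YubiKey to be inserted, and lists certificates that were added or that no longer report a private key. `Get-StoreSnapshot` and `Compare-StoreSnapshot` are hypothetical helper names, the script assumes Windows PowerShell 5.1 or later, and `CertPropSvc` is the Windows Certificate Propagation service.

```powershell
# Added example (not from the original page). Helper names are hypothetical.
function Get-StoreSnapshot {
    # One record per certificate in the current user's Personal (My) store.
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        [pscustomobject]@{
            Thumbprint    = $_.Thumbprint
            Subject       = $_.Subject
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

function Compare-StoreSnapshot {
    param([object[]]$Before, [object[]]$After)
    # Index the earlier snapshot by thumbprint for lookup.
    $index = @{}
    foreach ($c in $Before) { $index[$c.Thumbprint] = $c }
    foreach ($c in $After) {
        $old = $index[$c.Thumbprint]
        $change = if (-not $old) {
            'AddedOnInsert'      # public certificate copied from the card
        } elseif ($old.HasPrivateKey -and -not $c.HasPrivateKey) {
            'PrivateKeyLost'     # the case described on this page
        } else {
            'Unchanged'
        }
        [pscustomobject]@{
            Change     = $change
            Thumbprint = $c.Thumbprint
            Subject    = $c.Subject
        }
    }
}

# Windows service that copies smart-card certificates into the user store.
Get-Service -Name CertPropSvc | Select-Object Name, Status, StartType | Out-Host

# Snapshot with the YubiKey removed, then again after it has been inserted.
$before = @(Get-StoreSnapshot)
Read-Host 'Insert the YubiKey, wait a few seconds, then press Enter' | Out-Null
$after = @(Get-StoreSnapshot)

Compare-StoreSnapshot -Before $before -After $after |
    Where-Object Change -ne 'Unchanged' |
    Format-Table -AutoSize
```

Run it with the YubiKey removed and the local certificate freshly reinstalled, so the first snapshot records the state before propagation.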

