HHS ID Badge: Certificates - What to do after you renew
Article: KB0020928 Published: 2024-02-01 Last modified: 2024-02-27


General Information


After you renew your digital certificates or replace your HHS ID Badge, please perform the actions listed below to make sure that you will be able to use your new digital certificates to send and receive secure email and log in to applications.

 




Log in to Your Computer


After you renew your certificates

  1. Restart your NIH Windows workstation.
  2. Once the login screen appears, connect to the NIH network before logging in with your PIV/username & password. If you are remote, connect to the NIH VPN first.

    Note: If you do not complete this step, you will receive an error message when attempting to use your PIV/ALT Card to sign in.



Remove Your OLD Digital Certificates


Your old (prior) digital certificates are no longer useful and may cause problems when you use your smart card to log in to a computer, read encrypted email or digitally sign documents. Therefore, these old certificates should be removed (deleted) from your computer.

Note: You need PKI private keys to read encrypted emails. These keys were deleted when you renewed your certificates. Keeping your old digital certificates will not enable you to read old encrypted emails. See below for instructions on how to recover prior certificates to read old encrypted email. See the following KB article to learn about the relationship between digital certificates and private encryption keys: HHS ID Badge: PKI General information.

Windows
See the following NIH IT Knowledge Base article: HHS ID Badge: Configure software after certificate renewal.

macOS
The macOS token cache must be cleared after updating HHS ID Badge (PIV/Smart Card) certificates.

To clear the token cache:

  1. Remove any smart cards that may be in the card reader.
  2. As a local administrator, run the following command in a Terminal window:
         sudo rm -r /private/var/db/TokenCache/tokens
    Note: To avoid deleting important system files, this command must be entered exactly as it is shown, including spaces.
  3. After the command is entered into the prompt, press Return to run the command.
  4. Once the command finishes, you are returned to the Terminal command prompt and the new certificates are read by the computer.
    Note: The configuration process may take a few minutes.
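
A guarded form of the token-cache command, as an added example that is not part of the original article: it refuses to delete anything unless the target is exactly the path given in step 2. The function names, the script file name and the ROOT rehearsal prefix are assumptions made for this example.

```sh
#!/bin/sh
# Guarded wrapper for the token-cache command in step 2 (added example).
# Remove any smart card from the reader first (step 1).
TOKEN_CACHE="/private/var/db/TokenCache/tokens"   # path given in the article

# True only for exactly one argument equal to the expected path. A stray
# space ("/private/var/db/ TokenCache/tokens") arrives as two arguments,
# the first of which is a system directory, so it is rejected.
is_token_cache_target() {
    [ "$#" -eq 1 ] && [ "$1" = "$TOKEN_CACHE" ]
}

# Delete the token cache. ROOT is a hypothetical prefix for rehearsing
# against a scratch directory; leave it unset on a real Mac.
clear_token_cache() {
    root="${ROOT:-}"
    if ! is_token_cache_target "$@"; then
        echo "refusing: unexpected target: $*" >&2
        return 2
    fi
    if [ -z "$root" ] && [ "$(id -u)" -ne 0 ]; then
        echo "run as a local administrator with sudo" >&2
        return 1
    fi
    target="${root}$1"
    if [ -L "$target" ]; then
        echo "refusing: $target is a symbolic link" >&2
        return 3
    fi
    if [ ! -d "$target" ]; then
        echo "nothing to clear at $target" >&2
        return 0
    fi
    rm -r -- "$target"
}

# Runs only when invoked as: sudo sh clear_token_cache.sh --run
# (clear_token_cache.sh is an assumed file name for this example)
if [ "${1:-}" = "--run" ]; then
    clear_token_cache "$TOKEN_CACHE"
fi
```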



Update Your NIH VPN Client Software


Some users may experience problems using VPN and PIV cards after receiving the newer Entrust certificates (especially if they have not used the NIH VPN for the past several months). Please refer to the NIH IT Knowledge Base article: Cisco AnyConnect VPN Client: Login issues with Entrust certificates for more information.



Re-Configure Applications to Use New Certificates


Many applications need to know which certificates to use for various PKI-enabled functions (e.g., Outlook, Adobe, Firefox, etc.). Please refer to the following KB articles:




Share Your New Certificates to Receive Encrypted Email


People often keep your email address in their local contacts list. Even though you published your certificate to the GAL when you configured Outlook or, if you are a Mac user, you used the Publish Certificate to Active Directory (PAD) utility, this did not update the certificates in anyone's local contacts list.

To ensure you receive encrypted email, send a digitally signed email to people who send you encrypted email and ask them to capture your email address and update their local contacts list. Updating a local contacts list from a digitally signed email automatically updates the certificates needed to send encrypted email to that email address.



Recover Prior Certificates to Read Old Encrypted Email


If you are unable to read old encrypted email, you need to obtain copies of your previous digital certificates and associated private keys. To obtain these items, please see the NIH IT Knowledge Base article on how to recover and install prior encryption certificates. Note: Badges issued after October 1, 2012 have extra memory that enables them to store your earlier certificates (up to 5) which may make key recovery unnecessary.


 

NIH IT Service Desk Contact Information


Local: 301-496-4357
Toll-Free: 1-866-319-4357
TTY: 711
NIH IT Service Desk Portal: http://itservicedesk.nih.gov/


 


 

