Your PIV Certificates

Your HHS ID Badge (PIV Card) contains digital Certificates that are public electronic documents that bind information about you (e.g., name, organization, Active Directory user name, email address, etc.) to a private digital key that is securely stored on your PIV cPKI 101.


This page will:

 

Types of Certificates on your PIV card

Your PIV card contains four types of digital certificates:
  1. Authentication Certificate used to log you on to applications and computers.
    This certificate usually has an -A after your name.
  2. Encryption Certificate used to encrypted email messages send to you.
    This certificate usually has an -E after your name.
  3. Signing Certificate used to digatally sign emails and documents.
    This certificate usually has an -S after your name.
  4. Card Management Certificate which is not currently used at NIH.
    This certificate is issued to PIV or PIV Users.

The new 128K PIV Cards (see below) may also contain up to five of your prior encryption certificates to make it easier for you to read old encrypted emails. These certificates will have older expiration dates and may, or may not, have an -E after your name.

Note: If you have a 64K PIV card, or need to read very old encrypted emails, you will need to recover the old certificates and associated keys used to encrypt them.

 

Examining the Certificates on your HHS ID Badge

An easy way to examine the digital certificates on your PIV card is to open Windows Internet Explorer (IE) and select:

          Tools, then Internet Options, then Content tab,
          then Certifictes button and finally the Personal tab.

This brings up the Certificates Window (shown below) that displays all of the user certificates that Microsoft is aware of.

IE Personal Certificates Window 

Note: This window may contain old certificates that are no longer on your PIV card, especially if you recently renewed your certificates or replaced your PIV card. A good way to avoid certificate problems is to clear out old, unused certificates, by:

  1. Removing your PIV card from the smart card reader.
  2. Click on the top certificate in the Certificates window.
  3. Shift-Click on the bottom certificate -- to select all of the certificates.
  4. Click on the Remove button.
  5. Click Yes when asked if you want to delete the certificates?
  6. Re-insert your PIV card, which will reload your current certificates into Windows.

 

How to tell if you have a 64K or 128K PIV card

The 64K cards have a serial number on the back of the card that starts with 2050. The 128K cards have serial number on the back that starts with 4820.

64K Card     128K Card

 

Information and Assistance

For additional information, search the NIH IT Knowledge Base for tutorials, instruction sheets and user guides or refer to the appropriate How-To Guide.

For questions or user support, please contact the NIH IT Service Desk.