Registry changes needed for Care Identity Service software
Some registry changes are needed to protect certificates in the personal store.
Trusted Certificate Issuers
This registry key is used to protect the user's personal certificate store at the time of authentication and digital signing.
By setting the registry string to contain the Issuer details for NHS Certificate Authorities, you can make sure that, during authentication and signing, only stale X.509 Certificates issued by those defined Certificate Authorities will be removed.
If you are using solutions such as Always on VPN (AoVPN), Network Authentication Certificates or any other certificate that is required to be placed in the user's personal store, you will need to configure this registry key. You can obtain the relevant settings from the guidance below to suit your organisation's setup.
Registry key
Location: Preference as below
Value name: TrustedCertificateIssuers
Type: REG_SZ
Value: CN=NHS Level 1C, OU=CA, O=nhs;CN=NHS Level 1D, OU=CA, O=nhs;CN=NHS Authentication G2, OU=CA, O=nhs, C=GB;CN=NHS Signing G2, OU=CA, O=nhs, C=GB
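To check the effect of this value before rolling it out, the following added example (not part of the Care Identity Service software or its guidance) lists the certificates in the current user's personal store and flags which have an issuer on the list. It assumes issuer names are compared whole and case-insensitively, which this page does not specify; the function names are hypothetical.

```powershell
# Added example: audit Cert:\CurrentUser\My against the TrustedCertificateIssuers
# value given on this page.
# Assumption: the whole issuer DN is compared, case-insensitively. The matching
# rules used by the Care Identity Service software are not described here.

$TrustedCertificateIssuers = 'CN=NHS Level 1C, OU=CA, O=nhs;CN=NHS Level 1D, OU=CA, O=nhs;CN=NHS Authentication G2, OU=CA, O=nhs, C=GB;CN=NHS Signing G2, OU=CA, O=nhs, C=GB'

function ConvertTo-NormalisedDn {
    param([Parameter(Mandatory)][string]$Dn)
    # Trim every RDN and rejoin, so "O=nhs,C=GB" and "O=nhs, C=GB" compare equal.
    # A plain comma split is enough for the DNs above (no escaped commas).
    (($Dn -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }) -join ','
}

function Get-IssuerList {
    param([Parameter(Mandatory)][string]$Value)
    # The registry string separates issuer DNs with semicolons.
    $Value -split ';' |
        Where-Object { $_.Trim() } |
        ForEach-Object { ConvertTo-NormalisedDn $_ }
}

function Get-PersonalStoreIssuerReport {
    param([Parameter(Mandatory)][string[]]$Issuers)
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        [pscustomobject]@{
            Subject      = $_.Subject
            Issuer       = $_.Issuer
            NotAfter     = $_.NotAfter   # shown for context; "stale" is not defined on this page
            # -contains is case-insensitive for strings in PowerShell
            IssuerListed = $Issuers -contains (ConvertTo-NormalisedDn $_.Issuer)
        }
    }
}

$issuers = Get-IssuerList -Value $TrustedCertificateIssuers
Get-PersonalStoreIssuerReport -Issuers $issuers |
    Sort-Object IssuerListed, NotAfter |
    Format-Table -AutoSize
```

Certificates reported with IssuerListed = False, such as an AoVPN or network authentication certificate from your own CA, fall outside the issuers named in the value.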
Last edited: 11 December 2025 12:31 pm