MIM(FIM) Web.config "clm.encryption.hash" cert expired

Michael Ma 1 Reputation point
2022-11-08T03:59:39.937+00:00

Hello PKI experts,

I am new to PKI, especially MIM (FIM), and I am confused about the "clm.encryption.hash" in web.config. It is using an old cert thumbprint that is about to expire. (Note: it is a separate cert rather than the signing cert.)

This cert was previously in .pfx format; however, it became a .cer format for some other reason. The thumbprint has not changed. That means the cert has no private key within it. How can the encrypted data be decrypted? Could someone help explain how "clm.encryption.hash" works? Does it impact the smartcard unblock?

I once tried to renew it with a new cert, and then the smartcard unblock function failed with the error "the data could not be decrypted". What should I do if I want to renew it? Will it impact the current smartcard users? Could you please help me? I would appreciate it very much!

Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.