You can set a certificate as:
Default
Description: The Smart Card logon uses the certificate from the previous logon as the default. If that certificate is not the one required, set the required certificate as Default.
Scenario: Your eToken contains two certificates. One is for logon to domain A and the other for logon to domain B. Your previous logon was to domain A, which means the certificate for logon to domain A is now the default. If you now log on to domain B from another computer, the logon fails because it tries to use the domain A certificate. If you set the domain B certificate as Default, the logon uses the correct certificate and succeeds.
Enrollment Agent
Description: If your token contains a certificate that enables you to enroll on behalf of other users, and your token contains more than one certificate, set the required certificate as Enrollment Agent.
Scenario: The system administrator wants to log on as an enrollment agent for domain A, where the user’s account is located. As there is also a certificate for domain B on the eToken, the administrator sets the domain A certificate as the Enrollment Agent, to ensure that it is used as the default Enrollment Agent certificate.
Auxiliary
Description: In most Microsoft applications, Smart Card Logon is used. However, certain applications use Client Authentication. Client Authentication provides access to fewer system resources than Smart Card Logon.
PKI Client enables a logon process for applications, such as VPN, with Client Authentication logon. However, if more than one certificate on the token has Client Authentication as an Intended Purpose, it is necessary to define one as the default. This is done by setting this certificate as Auxiliary.
Scenario: Your eToken contains a certificate intended for VPN connection, but there is another certificate that also includes Client Authentication as an Intended Purpose. The certificate for the VPN connection must be set as Auxiliary, to ensure that it is used as the default for VPN logon.
Each option is enabled only if the action can be performed on that particular certificate or key.
To set a certificate as Default, Enrollment Agent or Auxiliary:
In the Advanced view, select the required certificate.
Click the >> icon and select the required setting (Default, Enrollment Agent or Auxiliary).
Enter the token password and click OK.
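Before choosing which certificate to mark, it helps to see where the ambiguity actually is. The following PowerShell check is an added example, not part of the PKI Client documentation: it counts the certificates that carry each relevant Intended Purpose and flags any purpose held by more than one certificate. It assumes the token's certificates are visible in the current user's Personal store, and it pairs Default with the Smart Card Logon purpose and Enrollment Agent with the Certificate Request Agent purpose.

```powershell
# Added example. Assumption: the token's certificates have been propagated
# to the current user's Personal store (Cert:\CurrentUser\My).

# Well-known EKU object identifiers, paired here (as an assumption) with
# the three settings described above.
$purposes = [ordered]@{
    'Smart Card Logon (Default)'                   = '1.3.6.1.4.1.311.20.2.2'
    'Certificate Request Agent (Enrollment Agent)' = '1.3.6.1.4.1.311.20.2.1'
    'Client Authentication (Auxiliary)'            = '1.3.6.1.5.5.7.3.2'
}

# Return the EKU OIDs listed in a certificate's Enhanced Key Usage extension.
# Certificates with no EKU extension return nothing and are not counted.
function Get-EkuOid {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($usage in $ext.EnhancedKeyUsages) { $usage.Value }
        }
    }
}

$certs = @(Get-ChildItem -Path Cert:\CurrentUser\My)

foreach ($entry in $purposes.GetEnumerator()) {
    # All certificates whose EKU list contains this purpose.
    $matching = @($certs | Where-Object { @(Get-EkuOid -Certificate $_) -contains $entry.Value })

    # More than one match means the logon has to pick one, which is the
    # case where an explicit setting on the token is needed.
    $status = if ($matching.Count -gt 1) { 'AMBIGUOUS - set one explicitly' } else { 'ok' }
    Write-Output ('{0}: {1} certificate(s) [{2}]' -f $entry.Key, $matching.Count, $status)

    if ($matching.Count -gt 0) {
        $matching |
            Select-Object Subject, Issuer, NotAfter, Thumbprint |
            Format-Table -AutoSize |
            Out-String |
            Write-Output
    }
}
```

The store also lists certificates that are not on the token, so compare the thumbprints with those shown in the Advanced view before changing a setting.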