...
- Open the Local Group Policy Editor. Click Start (Windows 8 - keyboard shortcut WIN+R), and then in the window Find programs and files type gpedit.msc.
The Local Group Policy Editor will open. - Go to the section Computer Configuration - Administrative Templates - Windows Components - This policy setting allows you to choose BitLocker disk encryption (for Windows 10/8.1/8) or Computer Configuration - Administrative Templates - Windows Components - BitLocker Disk Encryption (for Windows 7/Vista/Srv2008).
- Select the item Check the consistency of the rules for using smart card certificates. Then click Change the policy setting.
- Set the switch to Enable.
- Click on the OK button.
- By default, the use of self-signed certificates is disabled. If it is disabled on your computer, the following message will be displayed when you try to enable encryption:
- In order to enable the use of self-signed certificates, you need to make changes to the registry. Press the key combination Windows + F and enter regedit in the input field.
- Click on the OK button.
- In the Registry Editor window, go to: HKLM - Software - Policies - Microsoft - FVE.
- Double-click on the SelfSignedCertificates line and set the value to 1.
- You can also create a file with which the required value will be registered in the registry. Open Notepad or any other text editor.
- Copy and paste the following information into the file:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE] "SelfSignedCertificates"=dword:00000001 - Save the file named selfsign.reg.
- After saving, run this file.
- To confirm the action, click on the Yes button. As a result, the values will be entered in the registry.
- In the window that opens, click on the OK button.