diff --git a/src/userconfigbase.ui b/src/userconfigbase.ui
index 4439222..581d1c8 100644
--- a/src/userconfigbase.ui
+++ b/src/userconfigbase.ui
@@ -935,7 +935,21 @@
 								<number>17</number>
 							</property>
 						</widget>
-						<widget class="KPushButton" row="4" column="0" colspan="5">
+						<widget class="TQCheckBox" row="4" column="0" colspan="2">
+							<property name="name">
+								<cstring>enableAutoPIN</cstring>
+							</property>
+							<property name="text">
+								<cstring>Store PIN in certificate</cstring>
+							</property>
+						</widget>
+						<widget class="KPasswordEdit" row="4" column="2" colspan="3">
+							<property name="name">
+								<cstring>autoPIN</cstring>
+							</property>
+							
+						</widget>
+						<widget class="KPushButton" row="5" column="0" colspan="5">
 							<property name="name">
 								<cstring>createCertificate</cstring>
 							</property>
@@ -943,7 +957,7 @@
 								<string>Generate New PKI Certificate</string>
 							</property>
 						</widget>
-						<widget class="TQLayoutWidget" row="5" column="0" colspan="5">
+						<widget class="TQLayoutWidget" row="6" column="0" colspan="5">
 							<property name="name">
 								<cstring>unnamed_layoutwidget1</cstring>
 							</property>
diff --git a/src/userconfigdlg.cpp b/src/userconfigdlg.cpp
index 9e90065..13d4b26 100644
--- a/src/userconfigdlg.cpp
+++ b/src/userconfigdlg.cpp
@@ -81,6 +81,8 @@ UserConfigDialog::UserConfigDialog(LDAPUserInfo user, LDAPConfig* parent, const
 	connect(m_base->certGenPrivateKey, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
 	connect(m_base->certPrivateKeyFileName, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(processLockouts()));
 	connect(m_base->certPublicCertFileName, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(processLockouts()));
+	connect(m_base->enableAutoPIN, TQT_SIGNAL(clicked()), this, TQT_SLOT(processLockouts()));
+	connect(m_base->autoPIN, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(processLockouts()));
 	connect(m_base->createCertificate, TQT_SIGNAL(clicked()), this, TQT_SLOT(createPKICertificate()));
 	connect(m_base->revokeCertificate, TQT_SIGNAL(clicked()), this, TQT_SLOT(revokePKICertificate()));
 	connect(m_base->downloadCertificate, TQT_SIGNAL(clicked()), this, TQT_SLOT(downloadPKICertificate()));
@@ -243,6 +245,13 @@ void UserConfigDialog::processLockouts() {
 		m_base->passwordMinAge->setEnabled(false);
 	}
 
+	if (m_base->enableAutoPIN->isChecked()) {
+		m_base->autoPIN->setEnabled(true);
+	}
+	else {
+		m_base->autoPIN->setEnabled(false);
+	}
+
 	// Disable the primary group checkbox in the group list
 	TQListViewItemIterator it(m_base->secondary_group_list);
 	while (it.current()) {
@@ -287,6 +296,11 @@ void UserConfigDialog::processLockouts() {
 			ok_enabled = false;
 		}
 	}
+	if (m_base->enableAutoPIN->isChecked()) {
+		if (m_base->autoPIN->text() == "") {
+			ok_enabled = false;
+		}
+	}
 	m_base->createCertificate->setEnabled(ok_enabled);
 
 	TQListViewItem* lvi = m_base->certPKIDatabaseList->selectedItem();
@@ -342,7 +356,12 @@ void UserConfigDialog::createPKICertificate() {
 	}
 	caPrivateKeyTempFile.sync();
 
-	ret = LDAPManager::generateClientCertificatePublicCertificate(expirydays, m_user, realms[m_ldapconfig->m_ldapmanager->realm()], caPrivateKeyTempFile.name(), m_base->certPrivateKeyFileName->url(), m_base->certPublicCertFileName->url());
+	if (m_base->enableAutoPIN->isChecked()) {
+		ret = LDAPManager::generateClientCertificatePublicCertificate(expirydays, m_user, realms[m_ldapconfig->m_ldapmanager->realm()], caPrivateKeyTempFile.name(), m_base->certPrivateKeyFileName->url(), m_base->certPublicCertFileName->url(), m_base->autoPIN->text());
+	}
+	else {
+		ret = LDAPManager::generateClientCertificatePublicCertificate(expirydays, m_user, realms[m_ldapconfig->m_ldapmanager->realm()], caPrivateKeyTempFile.name(), m_base->certPrivateKeyFileName->url(), m_base->certPublicCertFileName->url());
+	}
 
 	// Delete the private key as soon as possible after certificate signing
 	caPrivateKeyTempFile.unlink();