Best Practice for Configuring Certificate Template Cryptography

Published Jan 24 2020 01:59 PM 1,587 Views
Microsoft

First published on TECHNET on Apr 27, 2012

Starting with Windows Vista and Windows Server 2008, the option to utilize Key Storage Providers (KSPs) in addition to Cryptographic Service Providers (CSPs) was added. These options are available when you create a Certificate Template and configure the settings in the Cryptography tab. Depending on the template duplicated, you may see that the default option is Request can use any provider available on the subject’s computer. However, the best practice is to select Requests must use one of the following providers . Then, ensure you configure only the providers that you want to be used . Another best practice is to use a key size of 1024 bits or higher.

 

 

More about this topic is on the TechNet Wiki http://social.technet.microsoft.com/wiki/contents/articles/10192.a-certificate-could-not-be-created...

%3CLINGO-SUB%20id%3D%22lingo-sub-1128888%22%20slang%3D%22en-US%22%3EBest%20Practice%20for%20Configuring%20Certificate%20Template%20Cryptography%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1128888%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E%20First%20published%20on%20TECHNET%20on%20Apr%2027%2C%202012%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EStarting%20with%20Windows%20Vista%20and%20Windows%20Server%202008%2C%20the%20option%20to%20utilize%20Key%20Storage%20Providers%20(KSPs)%20in%20addition%20to%20Cryptographic%20Service%20Providers%20(CSPs)%20was%20added.%20These%20options%20are%20available%20when%20you%20create%20a%20Certificate%20Template%20and%20configure%20the%20settings%20in%20the%20Cryptography%20tab.%20Depending%20on%20the%20template%20duplicated%2C%20you%20may%20see%20that%20the%20default%20option%20is%20Request%20can%20use%20any%20provider%20available%20on%20the%20subject%E2%80%99s%20computer.%20However%2C%20%3CSPAN%20style%3D%22background-color%3A%20%23ffff00%3B%22%3E%20the%20%3CSPAN%20style%3D%22text-decoration%3A%20underline%3B%22%3E%20best%20practice%20%3C%2FSPAN%3E%20is%20to%20select%20%3CSTRONG%3E%20Requests%20must%20use%20one%20of%20the%20following%20providers%20%3C%2FSTRONG%3E%20.%20Then%2C%20ensure%20you%20configure%20only%20the%20providers%20that%20you%20want%20to%20be%20used%20%3C%2FSPAN%3E%20.%20Another%20best%20practice%20is%20to%20use%20a%20key%20size%20of%201024%20bits%20or%20higher.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20401px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167192iFBF89EA8DB8BEE97%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMore%20about%20this%20topic%20is%20on%20the%20TechNet%20Wiki%20%3CA%20href%3D%22http%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F10192.a-certificate-could-not-be-created-a-private-key-could-not-be-created.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20http%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F10192.a-certificate-could-not-be-created-a-private-key-could-not-be-created.aspx%20%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1128888%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20published%20on%20TECHNET%20on%20Apr%2027%2C%202012%20Starting%20with%20Windows%20Vista%20and%20Windows%20Server%202008%2C%20the%20option%20to%20utilize%20Key%20Storage%20Providers%20(KSPs)%20in%20addition%20to%20Cryptographic%20Service%20Providers%20(CSPs)%20was%20added.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1128888%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EKurtHudson%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Feb 21 2020 05:51 AM
Updated by: