Best Practice for Configuring Certificate Template Cryptography

First published on TECHNET on Apr 27, 2012

Starting with Windows Vista and 2008, the option to utilize Key Providers (KSPs) in addition to Cryptographic Service Providers (CSPs) was added. These options are available when you create a Template and configure the settings in the Cryptography tab. Depending on the template duplicated, you may see that the default option is Request can use any provider available on the subject's computer. However, the is to select Requests must use one of the following providers . Then, ensure you configure only the providers that you want to be used . Another is to use a key size of 1024 bits or higher.

More about this topic is on the TechNet Wiki http://social.technet.microsoft.com/wiki/contents/articles/10192.a-certificate-could-not-be-cre…

 

This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.