Article ID: 946387 - View products that this article applies to.
In Windows Server 2008, you try to use the Digital Signature Algorithm (DSA) together with a private key to install the Active Directory Certificate Services role. If the private key is stored in a Cryptography Next Generation (CNG)-based key storage provider, you receive an error message that resembles the following:
Active Directory Certificate Services Setup failed in building CA certificate. The request is not supported. 0x80070032 (WIN 32: 50)
Windows Server 2008 and Windows Vista cannot sign certificates by using DSA if the private key is stored in a CNG-based key storage provider. If you use a Microsoft key storage provider or any other CNG-based providers for DSA, you will experience a failure when the operating system signs certificates or helps to secure e-mail messages.
To resolve this problem, use the legacy DSA cryptographic service providers (CSPs).
CNG contains a new set of cryptographic APIs. These APIs are available in Windows Vista and in later operating systems. For more information about CNG, visit the following Microsoft Web site:
http://msdn2.microsoft.com/EN-US/library/aa376210.aspxFor more information about how CNG relates to the Active Directory Certificate Services role, visit the following Microsoft Web site:
Contact us for more help
Connect with Answer Desk for expert help.