This article has been archived. It is offered "as is" and will no longer be updated.
In Windows Server 2008, you try to use the Digital Signature Algorithm (DSA) together with a private key to install the Active Directory Certificate Services role. If the private key is stored in a Cryptography Next Generation (CNG)-based key storage provider, you receive an error message that resembles the following:
Active Directory Certificate Services Setup failed in building CA certificate. The request is not supported. 0x80070032 (WIN 32: 50)
Windows Server 2008 and Windows Vista cannot sign certificates by using DSA if the private key is stored in a CNG-based key storage provider. If you use a Microsoft key storage provider or any other CNG-based provider for DSA, you will experience a failure when the operating system signs certificates or helps to secure e-mail messages.
To resolve this problem, use the legacy DSA cryptographic service providers (CSPs).
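To see which installed providers are legacy DSA CSPs and which are CNG-based, the following added example (not part of the original article and not Microsoft code) classifies saved `certutil -csplist` output. It assumes the output layout in which legacy CSPs have a "Provider Type" line and CNG key storage providers do not; the sample text and the "Example Vendor" provider name are constructed.

```python
import re

# CryptoAPI provider types that implement DSA: PROV_DSS (3) and PROV_DSS_DH (13).
DSA_PROVIDER_TYPES = {3, 13}

# Constructed sample in the assumed layout of `certutil -csplist` output.
SAMPLE = """\
Provider Name: Microsoft Base Cryptographic Provider v1.0
Provider Type: 1 - PROV_RSA_FULL

Provider Name: Microsoft Base DSS Cryptographic Provider
Provider Type: 3 - PROV_DSS

Provider Name: Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
Provider Type: 13 - PROV_DSS_DH

Provider Name: Microsoft Software Key Storage Provider

Provider Name: Example Vendor Key Storage Provider
"""

def parse_providers(text):
    """Return (name, provider_type) tuples; provider_type is None for CNG KSPs."""
    providers = []
    for line in text.splitlines():
        line = line.strip()
        name = re.match(r"Provider Name:\s*(.+)", line)
        if name:
            providers.append([name.group(1).strip(), None])
            continue
        ptype = re.match(r"Provider Type:\s*(\d+)", line)
        if ptype and providers:
            providers[-1][1] = int(ptype.group(1))
    return [tuple(p) for p in providers]

def classify(text):
    """Group provider names: legacy DSA CSPs, other legacy CSPs, CNG-based KSPs."""
    groups = {"legacy_dsa": [], "legacy_other": [], "cng": []}
    for name, ptype in parse_providers(text):
        if ptype is None:
            groups["cng"].append(name)          # fails for DSA signing on these OS versions
        elif ptype in DSA_PROVIDER_TYPES:
            groups["legacy_dsa"].append(name)   # usable for the DSA CA key
        else:
            groups["legacy_other"].append(name)
    return groups

if __name__ == "__main__":
    for group, names in classify(SAMPLE).items():
        print(group, "->", names)
```

Only providers in the `legacy_dsa` group are candidates for the CA key when DSA is required on the affected operating systems.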
CNG contains a new set of cryptographic APIs. These APIs are available in Windows Vista and in later operating systems. For more information about CNG, visit the following Microsoft Web site: