You receive an error message when you try to use the Digital Signature Algorithm together with a private key to install the Active Directory Certificate Services role in Windows Server 2008

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
In Windows Server 2008, you try to use the Digital Signature Algorithm (DSA) together with a private key to install the Active Directory Certificate Services role. If the private key is stored in a Cryptography Next Generation (CNG)-based key storage provider, you receive an error message that resembles the following:
Active Directory Certificate Services Setup failed in building CA certificate. The request is not supported. 0x80070032 (WIN 32: 50)
CAUSE
Windows Server 2008 and Windows Vista cannot sign certificates by using DSA if the private key is stored in a CNG-based key storage provider. If you use a Microsoft key storage provider or any other CNG-based provider for DSA, you will experience a failure when the operating system signs certificates or helps to secure e-mail messages.
RESOLUTION
To resolve this problem, use the legacy DSA cryptographic service providers (CSPs).
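To check which legacy DSA-capable CSPs are registered on a server before you run setup, the following PowerShell script enumerates the CryptoAPI provider registry key and keeps the providers of type PROV_DSS (3) or PROV_DSS_DH (13). It is an added example, not part of the original article; the function names and the `$planned` value are hypothetical.

```powershell
# Added example: list the legacy CryptoAPI CSPs that can hold DSA (DSS) keys.
# Legacy CSPs register under this key with a numeric Type value;
# CNG key storage providers are not registered here.
$cspRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'

# CryptoAPI provider types that implement DSS signatures (values from wincrypt.h).
$dssTypes = @{ 3 = 'PROV_DSS'; 13 = 'PROV_DSS_DH' }

# Hypothetical helper: returns one object per registered legacy DSS-capable CSP.
function Get-LegacyDsaCsp {
    Get-ChildItem -Path $cspRoot | ForEach-Object {
        $type = (Get-ItemProperty -Path $_.PSPath).Type
        if ($null -ne $type -and $dssTypes.ContainsKey([int]$type)) {
            New-Object PSObject -Property @{
                Name     = $_.PSChildName
                Type     = [int]$type
                TypeName = $dssTypes[[int]$type]
            }
        }
    }
}

# Hypothetical helper: $true only if the named provider is a legacy DSS CSP.
function Test-LegacyDsaCsp {
    param([Parameter(Mandatory = $true)][string]$ProviderName)
    $names = @(Get-LegacyDsaCsp | ForEach-Object { $_.Name })
    return ($names -contains $ProviderName)
}

# Show the candidates you can select for a DSA CA key.
Get-LegacyDsaCsp | Sort-Object Name | Format-Table Name, Type, TypeName -AutoSize

# Constructed sample input: the provider you plan to select during role setup.
$planned = 'Microsoft Software Key Storage Provider'
if (-not (Test-LegacyDsaCsp -ProviderName $planned)) {
    Write-Warning ("'{0}' is not a legacy DSS CSP. With a DSA key in a CNG-based " +
        "provider, certificate signing fails on Windows Server 2008 (0x80070032)." -f $planned)
}
```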
MORE INFORMATION
CNG contains a new set of cryptographic APIs. These APIs are available in Windows Vista and in later operating systems. For more information about CNG, visit the following Microsoft Web site:

For more information about how CNG relates to the Active Directory Certificate Services role, visit the following Microsoft Web site:
Properties

Article ID: 946387 - Last Review: 01/16/2015 02:39:39 - Revision: 1.2

  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard