Error installing AD CS using "RSA#Microsoft Enhanced RSA and AES Cryptographic Storage Provider"

Charlie Melga 126 Reputation points
2023-03-13T13:05:54.5466667+00:00

Hello

If I installed AD CS as follows (on Windows 2019 Server Core)

Install-AdcsCertificationAuthority –CAType EnterpriseSubordinateCA –CACommonName "Core-CA-02" `
    –KeyLength 2048 –HashAlgorithmName SHA256 `
    –CryptoProviderName "RSA#Microsoft Software Key Storage Provider"

The above works no problem

If I change the –CryptoProviderName to the following

–CryptoProviderName 'RSA#Microsoft Enhanced RSA and AES Cryptographic Storage Provider'

It fails to install
(I can use the 'Microsoft Enhanced RSA and AES Cryptographic Storage Provider' via a GUI install with no issues, but this is Windows Server Core so no GUI). So I know it is not the CryptoProviderName (unless the syntax is slightly wrong, as you have to add RSA# to the beginning of the name).

I do not have the exact error message to hand at the moment (apologies), but it is something along the lines of

Incorrect parameter, or unrecognized parameter

Any ideas please?

thanks in advance

CXMelga


Accepted answer
  1. Vadims Podāns 9,186 Reputation points MVP
    2023-03-13T14:55:30.15+00:00

    The actual provider name is "Microsoft Enhanced RSA and AES Cryptographic Provider", without the "RSA#" prefix. The reason behind the "RSA#" prefix is that the Microsoft KSP supports different types of asymmetric algorithms, such as RSA and ECDSA (with different curves). "Microsoft Enhanced RSA and AES Cryptographic Provider" supports only RSA, so the prefix is redundant.

    Note: use of the "Microsoft Enhanced RSA and AES Cryptographic Provider" provider for a CA is strongly discouraged, because it is a legacy provider which doesn't support the enhanced features provided by the CNG subsystem and may get a limited set of supported algorithms.
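
One way to check a provider name on Server Core before running the install, following the naming rule in the accepted answer. This is an added example, not code from the thread or from Microsoft. `Resolve-CaProviderName` is a hypothetical helper, and it assumes English `certutil` output and that any provider listed by `certutil -csplist` but absent from the legacy CSP registry key is a CNG key storage provider.

```powershell
# Added example: Resolve-CaProviderName is a hypothetical helper, not an AD CS cmdlet.
function Resolve-CaProviderName {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Algorithm = 'RSA'
    )

    # Accept either form on input: drop an "ALG#" prefix if the caller supplied one.
    $bare = $Name -replace '^[^#]+#', ''

    # Legacy CryptoAPI CSPs are registered as subkeys of this key.
    $cspKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
    $legacy = @((Get-ChildItem -Path $cspKey).PSChildName)

    # certutil -csplist prints one "Provider Name: ..." line per installed provider
    # (assumption: English-language output).
    $all = @(certutil.exe -csplist |
        Select-String -Pattern '^\s*Provider Name:\s*(.+?)\s*$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })

    if ($all -notcontains $bare) {
        # Catches misspelled names before the AD CS installer rejects them.
        throw "Provider '$bare' is not registered here. Installed: $($all -join '; ')"
    }
    if ($legacy -contains $bare) {
        Write-Warning "'$bare' is a legacy CSP; the accepted answer discourages it for a CA."
        return $bare    # legacy CSP: bare name, no algorithm prefix
    }
    # Assumption: listed by certutil but not a legacy CSP means a CNG KSP,
    # which takes the "<algorithm>#" prefix.
    return "${Algorithm}#${bare}"
}

$provider = Resolve-CaProviderName -Name 'Microsoft Software Key Storage Provider'

# -WhatIf reports what would be configured without installing the CA.
Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA `
    -CACommonName 'Core-CA-02' -KeyLength 2048 -HashAlgorithmName SHA256 `
    -CryptoProviderName $provider -WhatIf
```

Run it from an elevated session on the target server; remove `-WhatIf` once the resolved name is the one intended.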


1 additional answer

  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-03-13T14:27:07.7066667+00:00

    Hi @Charlie Melga

    It seems that the syntax is not correct:

    Did you try using –CryptoProviderName Microsoft Enhanced RSA and AES Cryptographic Provider ?

    Please don't forget to mark helpful answer as accepted
