Server 2019 CA, ECDH cert template does not show, certsrv

Mark 21 Reputation points
2021-03-02T23:16:23.817+00:00

Hi, I recently created a tier 1 PKI using ECDH_P256 as the key exchange algorithm instead of RSA, with ECDSA as the signing algorithm, on Server 2019. I found an interesting bug where, if I created a certificate template (duplicated from web server or user or computer), increased the CA and recipient compatibility to 20082 (I have to do this, otherwise under Cryptography it doesn't give me the option to change the provider category from legacy), changed the provider to "Key Storage Provider" and the algorithm name to ECDH_P256, and published the template, it would not show under web enrollment in a browser. Using MMC is fine. Has anyone encountered this before and such has a means to remediate it. Web enrollment is a nice to have. Thanks

Windows Server Security

Accepted answer
  1. Vadims Podāns 9,116 Reputation points MVP
    2021-03-10T07:14:10.48+00:00

    Has anyone encountered this before and such has a means to remediate it.

    What you are facing is expected and by design. Templates with Key Storage Provider are not supported by web enrollment and never will be. Web enrollment pages are no longer recommended for use because of huge limitations. Use Certificate MMC instead.

2 additional answers

  1. Daisy Zhou 21,361 Reputation points Microsoft Vendor
    2021-03-03T06:52:28.393+00:00

    Hello @Mark ,

    Thank you for posting here.

    I have done such a test in my lab, and I cannot see the certificate template via the certsrv web page either.

    Usually, if we select "Supply in the request" under "Subject Name" and set the proper permission, we will see this cert template via the certsrv web page.

    Not sure if it is related to an unsupported CSP on the certsrv web page.

    I am sorry, I did find the reason for this.

    Best Regards,
    Daisy Zhou

  2. Mark 21 Reputation points
    2021-03-10T18:08:28.953+00:00

    Hi,

    I appreciate both replies.
    I understand that this cannot be supported using web enrollment, which is okay.

    Thank you
