Store cert/key in software crypto provider if TPM 1.2 only

James Edmonds 811 Reputation points
2022-08-23T15:27:58.153+00:00

Hi,

We have an issue on some older TPM 1.2 devices with user certs being used for always on VPN.
It seems this is an existing issue for RSA algorithms on these older modules, with TPM 2.0 not suffering the same issue.

As we deploy VPN user auth certs via AD CA enrollment, we want to find if there is a way to store this cert/key in a software crypto provider, only on those machines that have TPM 1.2 modules.
We can obviously update the cert template to remove the Platform Crypto Provider option, but we would prefer, if possible, to keep TPM 2.0 devices storing the cert in the hardware TPM module.

Many thanks.
James
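An added example, not part of the original thread: a PowerShell check that reports the machine's TPM spec version and which key storage provider holds the private key of each user certificate from the VPN issuing CA, so TPM 1.2 devices whose key sits in the Platform Crypto Provider can be identified before the template is changed. The issuer name is a placeholder, and querying Win32_Tpm may require an elevated session.

```powershell
# Added example (not from the original thread). Assumes Windows PowerShell 5.1
# run as the enrolled user; the VPN cert is matched by issuer (placeholder value).
$IssuerFilter = 'CN=Contoso Issuing CA'   # placeholder: replace with your issuing CA name

function Get-TpmSpecVersion {
    # Win32_Tpm.SpecVersion reads like "2.0, 0, 1.38" or "1.2, 2, 3"; the first field is the spec.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return $null }   # no TPM, or not accessible from this session
    return ($tpm.SpecVersion -split ',')[0].Trim()
}

function Get-PrivateKeyProvider {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return 'no private key' }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    } catch { return 'not RSA / not readable' }
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        return $rsa.Key.Provider.Provider                 # CNG KSP, e.g. Microsoft Platform Crypto Provider
    }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        return $rsa.CspKeyContainerInfo.ProviderName      # legacy CAPI CSP
    }
    return 'unknown'
}

$specVersion = Get-TpmSpecVersion
Write-Host "TPM spec version: $(if ($specVersion) { $specVersion } else { 'none detected' })"

Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like "*$IssuerFilter*" } |
    ForEach-Object {
        $provider = Get-PrivateKeyProvider -Cert $_
        # The combination the thread describes: RSA key held by a TPM 1.2 via the Platform Crypto Provider
        $flag = ''
        if ($provider -eq 'Microsoft Platform Crypto Provider' -and $specVersion -eq '1.2') {
            $flag = 'TPM 1.2 + Platform Crypto Provider'
        }
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            Provider   = $provider
            Flag       = $flag
        }
    } | Format-Table -AutoSize
```

Certificates that report "Microsoft Software Key Storage Provider" are the ones already held in software, which is the state the thread ends up choosing for every machine.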


2 answers

  1. James Edmonds 811 Reputation points
    2022-08-26T10:25:34.083+00:00

    Hi,

    Anyone advise any way of doing this, or do we have to just make a decision on whether to store this cert/key in software for ALL machines?

    Cheers
    James


  2. James Edmonds 811 Reputation points
    2022-08-30T10:56:43.087+00:00

    We have decided to simply have this particular cert set to store in a software provider, rather than hardware, which resolves our issue (albeit not in a perfect way).
