Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You receive an error message when you try to use the Digital Signature Algorithm together with a private key to install the Active Directory Certificate Services role in Windows Server 2008


View products that this article applies to.

Symptoms

In Windows Server 2008, you try to use the Digital Signature Algorithm (DSA) together with a private key to install the Active Directory Certificate Services role. If the private key is stored in a Cryptography Next Generation (CNG)-based key storage provider, you receive an error message that resembles the following:
Active Directory Certificate Services Setup failed in building CA certificate. The request is not supported. 0x80070032 (WIN 32: 50)

↑ Back to the top


Cause

Windows Server 2008 and Windows Vista cannot sign certificates by using DSA if the private key is stored in a CNG-based key storage provider. If you use a Microsoft key storage provider or any other CNG-based providers for DSA, you will experience a failure when the operating system signs certificates or helps to secure e-mail messages.

↑ Back to the top


Resolution

To resolve this problem, use the legacy DSA cryptographic service providers (CSPs).

↑ Back to the top


More information

CNG contains a new set of cryptographic APIs. These APIs are available in Windows Vista and in later operating systems. For more information about CNG, visit the following Microsoft Web site:For more information about how CNG relates to the Active Directory Certificate Services role, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB946387, kbexpertiseinter, kbprb, kbtshoot

↑ Back to the top

Article Info
Article ID : 946387
Revision : 3
Created on : 1/21/2008
Published on : 1/21/2008
Exists online : False
Views : 297