Retired Microsoft Blog disclaimer
This directory is a mirror of retired "Windows PKI Team" TechNet blog and is provided as is. All posting authorship and copyrights belong to respective authors.
Original URL:
Post name: Best Practice for Configuring Certificate Template Cryptography
Original author: Kurt L Hudson MSFT
Posting date: 2012-04-27T18:34:00+00:00

Starting with Windows Vista and Windows Server 2008, the option to utilize Key Storage Providers (KSPs) in addition to Cryptographic Service Providers (CSPs) was added. These options are available when you create a Certificate Template and configure the settings in the Cryptography tab. Depending on the template duplicated, you may see that the default option is Request can use any provider available on the subject’s computer. However, the best practice is to select Requests must use one of the following providers. Then, ensure you configure only the providers that you want to be used. Another best practice is to use a key size of 1024 bits or higher.

More about this topic is on the TechNet Wiki

Share this article:


Comments are closed.