I recently migrated Certificate Services from Windows Server 2003 to Windows Server 2012 R2. We are still utilizing the same cryptographic settings which were configured when our CAs were first configured (Microsoft Strong Cryptographic Provider and SHA-1). In testing the Get-Certificate commandlet I have encountered an error which I believe to be related to our cryptographic settings.
Command I used:
Get-Certificate -Template "CertTemplateName" -DnsName "test01.domain.com" -SubjectName "CN=test01.domain.com" -CertStoreLocation cert:\LocalMachine\My
The error that comes up:
Get-Certificate : A certificate request could not be created. A certificate could not be issued by the certification authority.: Unknown cryptographic algorithm. 0x80091002 (-2146889726 CRYPT_E_UNKNOWN_ALGO)
At line:1 char:1
+ Get-Certificate -Template "CertTemplateName" -DnsName "test01.domai...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-Certificate], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.GetCertificateCommand
Can anyone confirm if this is as a result of the currently utilized CSP?
I should add that we are able to issue certificates without issue otherwise. The only problems I encounter are when using this commandlet.