none
NDES SCEP (Intune) and ADCS RRS feed

  • Question

  • Hi,

    Simple question (i hope).

    We are going to build a new two-tier pki with standalone root and issuing CA.

    In the near future we want to use NDES with SCEP and Intune to supply certificates to mobile devices.

    I read on different blogs NDES does not support CNG certificate (https://www.pkisolutions.com/understanding-microsoft-crypto-providers/) for services.

    Does this mean we cannot use RSA#Microsoft Software Key Storage Provider for crypto of the CA during installation of the PKI ?

    Monday, November 18, 2019 7:51 PM

Answers

  • Does this mean we cannot use RSA#Microsoft Software Key Storage Provider for crypto of the CA during installation of the PKI ?

    no, it does mean that you cannot use CNG providers for NDES templates. You can use KSP for your CA without any problems.


    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    Monday, November 18, 2019 9:15 PM

All replies

  • Does this mean we cannot use RSA#Microsoft Software Key Storage Provider for crypto of the CA during installation of the PKI ?

    no, it does mean that you cannot use CNG providers for NDES templates. You can use KSP for your CA without any problems.


    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    Monday, November 18, 2019 9:15 PM
  • Hi,

    Thanks for posting here!

    Hope the information provided by Vadims was helpful to you.

    Please feel free to let us know if you need further assistance.

     

    Best Regards,

    Fan



    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, November 19, 2019 8:28 AM