Go to the command line on the affected Exchange server and run the following command: How to determine it is really your case? How to find out which cryptographic provider actually stores the private key for your certificate? They send some into it a value which is invalid in regard to the Microsoft Software Key Storage Provider. This CspParameter object has another constructor with providerType parameter. The reason lies probably in the constructor of the RSACryptoServiceProvider class which accepts the CspParameters parameter. The unhandled exception was: : Invalid provider type specified.Īt .CreateProvHandle(CspParameters parameters, Boolean randomKe圜ontainer)Īt .GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKe圜ontainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)Īt .GetKeyPair()Īt _PrivateKey()Īt .ParseCadataCookies(HttpApplication httpApplication)Īt .OnBeginRequestInternal(HttpApplication httpApplication)Īt .c_Displa圜lassa.b_9()Īt .ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
Message: An internal server error occurred. You can also observe the following error event in Application event log of the OWA server (an Invalid provider type specified error):Įvent source: MSExchange Front End HTTP Proxy Although IIS supports the new type of private key storage provider since its very beginning in Windows Vista and Windows 2008, and although you definitely can call Enable-ExchangeCertificate -Services IIS with a CNG certificate thumbprint, you will not be able to connect to OWA nor ECP afterwards.Īlthough the certificate gets bound to the IIS web site well, and although client browser can connect to the HTTPS without problems, the logon screen just does not let you further and pops up again with the same password prompt like if you didn't provide correct passoword (although it does not even tell you the password is wrong - it just restarts plain). Today, I have found that not even Exchange Server 2013 OWA web application supports RSA certificates stored in CNG's Microsoft Software Key Storage Provider. But they do not support RSA certificates in CNG storage either. Not that I would ask them to support ECDH certificates.
Since then, not even SQL Server 2012 R2 supports the CNG certificates yet. It has been nearly eight years since 2006 when the new CNG ( Cryptography Next Generation) was first introduced in Windows Vista with the goal to be the primary cryptography interface which should asap replace the older CryptoAPI and its CSP ( Cryptographic Service Provider) modules. What? Are they mad? The Exchange 2013 OWA ( Outlook Web App or Outlook Web Access) does not support CNG certificates?
0 kommentar(er)
