Invalid provider type specified. CryptographicException

7

I am trying to run the script GetAppConfigSettings.ps1 from the Microsoft docs to help set up a Key Vault.

The script contains the following:

# **********************************************************************************************
# Prep the cert credential data
# **********************************************************************************************
$certificateName = "$applicationName" + "cert"
$myCertThumbprint = (New-SelfSignedCertificate -Type Custom -Subject "$certificateName" -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Provider "Microsoft Enhanced Cryptographic Provider v1.0" ).Thumbprint
$x509 = (Get-ChildItem -Path cert:\CurrentUser\My\$myCertthumbprint)
$password = Read-Host -Prompt "Please enter the certificate password." -AsSecureString

# Saving the self-signed cert and pfx (private key) in case it's needed later
Export-Certificate -cert $x509 -FilePath ".\$certificateName.cer"
Export-PfxCertificate -Cert $x509 -FilePath ".\$certificateName.pfx" -Password $password

Running the script (after setting the variables) produces the following error:

New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Provider type not defined. 
0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
At \\tsclient\E\EShared\Dev\Microsoft.Azure.KeyVault.Samples-2016.11.22 
(1)\Microsoft.Azure.KeyVault.Samples\scripts\GetAppConfigSettings.ps1:38 char:22
+ ... umbprint = (New-SelfSignedCertificate -Type Custom -Subject "$certifi ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-SelfSignedCertificate], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedC 
   ertificateCommand

[Update]

Microsoft Support advised me to change the provider to "Microsoft Platform Crypto Provider".

However I still get the error.

For PowerShell, $PSVersionTable reports 5.1.17134.112.

I have version 5.7.0 of AzureRM installed.

powershell
azure-keyvault
asked on Stack Overflow Jun 19, 2018 by Kirsten Greed • edited Jun 25, 2018 by Kirsten Greed

2 Answers

1

Microsoft support helped me out with this line:

$myCertThumbprint = (New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -subject MyCert -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(10) -Type CodeSigningCert -KeySpec Signature).Thumbprint

The AuthClientId and AuthCertThumbprint values I need for the HelloKeyVault app.config are created.

The AuthClientId displays in the portal as the Application ID and is visible in the Registered app settings.

To get to it, click Azure Active Directory -> App registrations, then click View all applications, click on the application, then settings.

To see the Thumbprint, do the same and then click Keys.

I can see AuthClientId

answered on Stack Overflow Jun 28, 2018 by Kirsten Greed • edited Jun 28, 2018 by Kirsten Greed
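
A way to check how the provider names from the question are registered and where a certificate's private key ended up, as an added example that is not part of the original posts or of the Microsoft sample. It assumes Windows PowerShell 5.1 on .NET Framework; `Get-CspRegistration` and `Get-CertKeyStorage` are hypothetical helper names.

```powershell
# Added example; helper names are hypothetical. Windows PowerShell 5.1 assumed.

function Get-CspRegistration {
    param([Parameter(Mandatory)][string]$ProviderName)
    # Legacy CryptoAPI CSPs are registered under this key with a numeric
    # provider type (for example 1 = PROV_RSA_FULL). CNG key storage
    # providers are registered elsewhere and carry no provider type.
    $key = "HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\$ProviderName"
    $isLegacy = Test-Path -LiteralPath $key
    [pscustomobject]@{
        Provider     = $ProviderName
        LegacyCsp    = $isLegacy
        ProviderType = if ($isLegacy) { (Get-ItemProperty -LiteralPath $key).Type } else { $null }
    }
}

function Get-CertKeyStorage {
    param([Parameter(Mandatory)][string]$Thumbprint)
    $cert = Get-Item -LiteralPath "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop
    $result = [ordered]@{
        Subject = $cert.Subject; HasPrivateKey = $cert.HasPrivateKey
        Readable = $false; Provider = $null; ProviderType = $null
        KeySpec = $null; Exportable = $null; Detail = $null
    }
    if ($cert.HasPrivateKey) {
        try {
            # On .NET Framework this getter only handles keys held by a legacy CSP.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if ($info) {
                $result.Readable     = $true
                $result.Provider     = $info.ProviderName
                $result.ProviderType = $info.ProviderType
                $result.KeySpec      = $info.KeyNumber      # Exchange or Signature
                $result.Exportable   = $info.Exportable
            } else {
                $result.Detail = 'No CSP info returned; the key may be held by a CNG provider.'
            }
        } catch {
            # Report the failure instead of stopping, so the caller sees the message.
            $result.Detail = $_.Exception.Message
        }
    }
    [pscustomobject]$result
}

# Provider names taken from the question.
'Microsoft Enhanced Cryptographic Provider v1.0', 'Microsoft Platform Crypto Provider' |
    ForEach-Object { Get-CspRegistration -ProviderName $_ }

# $myCertThumbprint is the variable set by the command in the answer above.
if ($myCertThumbprint) { Get-CertKeyStorage -Thumbprint $myCertThumbprint }
```

`certutil -csplist` prints the same provider names and types from the command line.
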
1

Please use this sample to learn how to use Key Vault with DotNet and authenticate to Azure Active Directory with a Service Principal's Certificate https://github.com/Azure-Samples/key-vault-dotnet-quickstart

answered on Stack Overflow Jul 7, 2018 by Prashanth Y

User contributions licensed under CC BY-SA 3.0