certificate-authority

Active Directory Certificate Service not starting


Operating System: Windows Server 2012 R2. I am creating a Root CA in Active Directory Certificate Service.

I am using my custom RSA KSP (Key Storage Provider) based on CNG (Cryptography Next Generation API).

My certificate is created in c:\windows\system32\certsrv\certenroll\mycert.crt. All seems well: I open and see my certificate, it seems OK and the signature is also OK.


My certsvc is not starting; it is saying:

Signature is not valid. The cryptographic signature is invalid, 0xc000a000. Also, the .crl is not created.

When I verify my certificate using

certutil -verify

it says: cannot check leaf certificate revocation status.

I am not able to tell what's going wrong.

Can I get some hint about what's going on with my CA?

Thanks in advance.


Solution

  • I figured it out just after posting the question. When the Microsoft Root CA is passing the signature in the CNG signing API, it is expecting that we must prepend the NID, or OID, and then sign it, and return the same signed bytes.
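The rule the answer ran into is the RSASSA-PKCS1-v1_5 DigestInfo encoding: the signer pads and signs the DER algorithm-identifier header followed by the hash, and a verifier such as the CA service rebuilds that exact byte string and rejects a signature over the bare hash. The following added example (not code from the original post, nor from Windows CNG) reproduces both the broken and the correct signer and the verifier's check in pure Python; the demo key generator, the sample message bytes and all function names are assumptions made for this illustration.

```python
import hashlib, random
# SHA-256 DigestInfo header from RFC 8017 section 9.2: DER SEQUENCE, AlgorithmIdentifier (OID
# 2.16.840.1.101.3.4.2.1, NULL params), then the OCTET STRING tag/length for a 32-byte hash.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
def is_probable_prime(n, rounds=20):
    # Miller-Rabin for odd n > 3; adequate for a demo key, not a production key generator.
    r = ((n - 1) & -(n - 1)).bit_length() - 1   # n - 1 = 2**r * d with d odd
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), (n - 1) >> r, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False
    return True
def gen_key(bits=1024, e=65537):
    # Constructed demo key: two random primes with the top bit set, returned as (n, e, d).
    def prime(b):
        while True:
            c = random.getrandbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        if p != q and (p - 1) * (q - 1) % e:
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))
def emsa_pkcs1_v15(t, n):
    # EM = 0x00 || 0x01 || PS (0xff bytes) || 0x00 || T, sized to the modulus length k.
    k = (n.bit_length() + 7) // 8
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def sign(msg, key, with_digestinfo):
    # with_digestinfo=False is the KSP bug from the page: the raw SHA-256 value is padded and
    # signed with no OID header; True is correct RSASSA-PKCS1-v1_5, which prepends the header.
    n, _, d = key
    t = hashlib.sha256(msg).digest()
    em = emsa_pkcs1_v15(SHA256_DIGESTINFO_PREFIX + t if with_digestinfo else t, n)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(len(em), "big")
def verify(msg, sig, key):
    # What the CA service does: recover EM with the public key and compare it byte for byte.
    n, e, _ = key
    expected = emsa_pkcs1_v15(SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest(), n)
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(len(expected), "big")
    return len(sig) == len(expected) and recovered == expected
def demo(key=None):
    # Returns (bare-hash signature accepted?, DigestInfo signature accepted?) for a constructed message.
    key, msg = key or gen_key(), b"constructed tbsCertificate bytes"
    return verify(msg, sign(msg, key, False), key), verify(msg, sign(msg, key, True), key)
```

The first element of demo() is False and the second True: the bare-hash signature recovers to a different encoded message than the verifier expects, which is the "cryptographic signature is invalid" outcome the question describes.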