
How to Set Cryptographic Provider to New-SelfSignedCertificate Properly?


I use Windows 10 and want to create a self-signed certificate with a custom cryptographic provider for my application's test. Here is my script:

 New-SelfSignedCertificate -CertStoreLocation "Cert:\LocalMachine\My" -Provider "Microsoft Base Cryptographic Provider v1.0" -Subject "CN=test" -KeyUsage "CertSign", "CRLSign", "DigitalSignature", "NonRepudiation" -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(40) -Type Custom

But I get this error:

New-SelfSignedCertificate : CertEnroll::CX509Enrollment::_CreateRequest: Provider type not defined. 0x80090017 (-2146893801 NTE_PROV_TYPE_NOT_DEF)
At line:1 char:2
+  New-SelfSignedCertificate -CertStoreLocation "Cert:\LocalMachine\My" ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-SelfSignedCertificate], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.NewSelfSignedCertificateCommand

I should use Microsoft Base Cryptographic Provider v1.0 as the provider (because my testing app only accepts certs with this provider), but I got the above error. How should I set the Provider Type mentioned in the error message?!


Solution

  • When using legacy CSPs, you have to specify the -KeySpec parameter, where you provide the key type: key exchange or signature. Based on your values, it should be AT_SIGNATURE, i.e. -KeySpec 2.
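As an added illustration (not the answerer's code), the questioner's command with the missing -KeySpec supplied, followed by a check that the private key really was created in the legacy CSP rather than silently landing in a CNG key storage provider. It assumes Windows PowerShell 5.1 on Windows 10 and an elevated session, since writing to Cert:\LocalMachine\My requires administrator rights.

```powershell
# Example code, not from the original post. Assumes Windows PowerShell 5.1 and
# an elevated session (Cert:\LocalMachine\My needs administrator rights).
$params = @{
    CertStoreLocation = 'Cert:\LocalMachine\My'
    Subject           = 'CN=test'
    Type              = 'Custom'
    Provider          = 'Microsoft Base Cryptographic Provider v1.0'
    # Legacy CSPs need the key type up front: Signature is AT_SIGNATURE (2),
    # KeyExchange is AT_KEYEXCHANGE (1). Omitting it yields NTE_PROV_TYPE_NOT_DEF.
    KeySpec           = 'Signature'
    KeyUsage          = 'CertSign', 'CRLSign', 'DigitalSignature', 'NonRepudiation'
    KeyExportPolicy   = 'Exportable'
    NotAfter          = (Get-Date).AddYears(40)
}
$cert = New-SelfSignedCertificate @params

# Verification: a key held by a legacy CSP surfaces as RSACryptoServiceProvider,
# and its CspKeyContainerInfo names the provider and the key spec (KeyNumber).
# A key held by a CNG KSP would come back as RSACng instead.
$key = $cert.PrivateKey
if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw "Private key is not in a legacy CSP (got $($key.GetType().Name))"
}
$info = $key.CspKeyContainerInfo
if ($info.ProviderName -ne $params.Provider) {
    throw "Unexpected provider: $($info.ProviderName)"
}
if ($info.KeyNumber -ne [System.Security.Cryptography.KeyNumber]::Signature) {
    throw "Unexpected key spec: $($info.KeyNumber)"
}

# Summary of what was actually created, for comparison against the app's requirements.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    Provider   = $info.ProviderName
    KeySpec    = $info.KeyNumber
    Exportable = $info.Exportable
    NotAfter   = $cert.NotAfter
}
```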