Active Directory Federation Services – Certificate Error ‘CNG Key’

KB ID 0001129


When installing the Active Directory Federation Services Role, you need to supply a certificate. I was running this up using a self signed wildcard certificate when this happened;

ADFS Certificate Error CNG

The certificate with the specified thumbprint {thumbprint} has a Cryptographic Next Generation (CNG) private key. The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy Cryptographic Service Provider.


I was generating a wildcard certificate using this method. By default it uses the CNG Key, you need to specify  Legacy Key instead, (I’ve updated the post mentioned above to point out where that’s done).

ADFS Legacy WildCard Cert

Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *